· 6 years ago · Nov 13, 2019, 08:41 AM
######################################################################################################################################
======================================================================================================================================
Hostname     www.udi.cl               ISP             IFX Corporation
Continent    South America            Flag            CL
Country      Chile                    Country Code    CL
Region       Santiago Metropolitan    Local time      13 Nov 2019 02:01 -03
City         Santiago                 Postal Code     Unknown
IP Address   200.73.54.34             Latitude        -33.451
                                      Longitude       -70.665
======================================================================================================================================
######################################################################################################################################
> www.udi.cl
Server: 185.93.180.131
Address: 185.93.180.131#53

Non-authoritative answer:
www.udi.cl canonical name = udi.cl.
Name: udi.cl
Address: 200.73.54.34
>
######################################################################################################################################
Domain name: udi.cl
Registrant name: Partido Union Democrata Independiente (UNION DEMOCRATA INDEPENDIENTE)
Registrant organisation:
Registrar name: NIC Chile
Registrar URL: https://www.nic.cl
Creation date: 1997-09-05 12:21:41 CLST
Expiration date: 2020-09-30 21:21:41 CLST
Name server: ns1.maxtel.cl
Name server: secundario.nic.cl
######################################################################################################################################
[+] Target : www.udi.cl

[+] IP Address : 200.73.54.34

[+] Headers :

[+] Date : Wed, 13 Nov 2019 05:38:25 GMT
[+] Server : Apache
[+] Link : <https://www.udi.cl/wp-json/>; rel="https://api.w.org/"
[+] Keep-Alive : timeout=5, max=100
[+] Connection : Keep-Alive
[+] Transfer-Encoding : chunked
[+] Content-Type : text/html; charset=UTF-8

[+] SSL Certificate Information :

[+] commonName : udi.cl
[+] countryName : US
[+] stateOrProvinceName : TX
[+] localityName : Houston
[+] organizationName : cPanel, Inc.
[+] commonName : cPanel, Inc. Certification Authority
[+] Version : 3
[+] Serial Number : 741211B3120B5FEBB1F623E7F9F34DC7
[+] Not Before : Aug 31 00:00:00 2019 GMT
[+] Not After : Nov 29 23:59:59 2019 GMT
[+] OCSP : ('http://ocsp.comodoca.com',)
[+] subject Alt Name : (('DNS', 'udi.cl'), ('DNS', 'cpanel.udi.cl'), ('DNS', 'mail.udi.cl'), ('DNS', 'webdisk.udi.cl'), ('DNS', 'webmail.udi.cl'), ('DNS', 'www.udi.cl'))
[+] CA Issuers : ('http://crt.comodoca.com/cPanelIncCertificationAuthority.crt',)
[+] CRL Distribution Points : ('http://crl.comodoca.com/cPanelIncCertificationAuthority.crl',)

[+] Whois Lookup :

[+] NIR : None
[+] ASN Registry : lacnic
[+] ASN : 18747
[+] ASN CIDR : 200.73.0.0/18
[+] ASN Country Code : CO
[+] ASN Date : 2001-06-27
[+] ASN Description : IFX18747 - IFX Corporation, US
[+] cidr : 200.73.32.0/19
[+] name : None
[+] handle : AND9
[+] range : 200.73.32/19
[+] description : IFX Networks Chile S.A
[+] country : CL
[+] state : None
[+] city : None
[+] address : None
[+] postal_code : None
[+] emails : ['soc@IFXCORP.COM']
[+] created : 20160609
[+] updated : 20181008

[+] Crawling Target...

[+] Looking for robots.txt........[ Found ]
[+] Extracting robots Links.......[ 2 ]
[+] Looking for sitemap.xml.......[ Found ]
[+] Extracting sitemap Links......[ 95 ]
[+] Extracting CSS Links..........[ 5 ]
[+] Extracting Javascript Links...[ 1 ]
[+] Extracting Internal Links.....[ 37 ]
[+] Extracting External Links.....[ 6 ]
[+] Extracting Images.............[ 10 ]

[+] Total Links Extracted : 156

[+] Dumping Links in /opt/FinalRecon/dumps/www.udi.cl.dump
[+] Completed!
######################################################################################################################################
[i] Scanning Site: https://www.udi.cl


B A S I C  I N F O
====================


[+] Site Title: UDI | Popular
[+] IP address: 200.73.54.34
[+] Web Server: Apache
[+] CMS: WordPress
[+] Cloudflare: Not Detected
[+] Robots File: Found

-------------[ contents ]----------------
User-agent: *
Disallow: /wp-admin/
Allow: /wp-admin/admin-ajax.php

Sitemap: https://www.udi.cl/sitemap.xml

-----------[end of contents]-------------


W H O I S  L O O K U P
========================

Domain name: udi.cl
Registrant name: Partido Union Democrata Independiente (UNION DEMOCRATA INDEPENDIENTE)
Registrant organisation:
Registrar name: NIC Chile
Registrar URL: https://www.nic.cl
Creation date: 1997-09-05 12:21:41 CLST
Expiration date: 2020-09-30 21:21:41 CLST
Name server: ns1.maxtel.cl
Name server: secundario.nic.cl


G E O I P  L O O K U P
=========================

[i] IP Address: 200.73.54.34
[i] Country: Chile
[i] State:
[i] City:
[i] Latitude: -33.4378
[i] Longitude: -70.6503


H T T P  H E A D E R S
=======================


[i] HTTP/1.1 200 OK
[i] Date: Wed, 13 Nov 2019 05:39:08 GMT
[i] Server: Apache
[i] Link: <https://www.udi.cl/wp-json/>; rel="https://api.w.org/"
[i] Connection: close
[i] Content-Type: text/html; charset=UTF-8


D N S  L O O K U P
===================

udi.cl. 14399 IN MX 1 aspmx.l.google.com.
udi.cl. 14399 IN MX 5 alt1.aspmx.l.google.com.
udi.cl. 14399 IN MX 5 alt2.aspmx.l.google.com.
udi.cl. 14399 IN MX 10 alt3.aspmx.l.google.com.
udi.cl. 14399 IN MX 10 alt4.aspmx.l.google.com.
udi.cl. 14399 IN TXT "v=spf1 ip4:200.73.54.34 +a +mx +ip4:200.73.54.36 +ip4:200.111.139.64/29 +ip4:209.173.141.192/26 +ip4:198.57.128.0/17 ~all"
udi.cl. 21599 IN SOA ns1.maxtel.cl. jjara.maxtel.cl. 2019110800 3600 7200 1209600 86400
udi.cl. 21599 IN NS ns1.maxtel.cl.
udi.cl. 21599 IN NS ns2.maxtel.cl.
udi.cl. 14399 IN A 200.73.54.34


S U B N E T  C A L C U L A T I O N
====================================

Address = 200.73.54.34
Network = 200.73.54.34 / 32
Netmask = 255.255.255.255
Broadcast = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits = 0
Max. Hosts = 1 (2^0 - 0)
Host Range = { 200.73.54.34 - 200.73.54.34 }


N M A P  P O R T  S C A N
============================

Starting Nmap 7.70 ( https://nmap.org ) at 2019-11-13 05:39 UTC
Nmap scan report for udi.cl (200.73.54.34)
Host is up (0.14s latency).
rDNS record for 200.73.54.34: mail.maxtel.cl

PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  open     pop3
143/tcp  open     imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 3.89 seconds


S U B - D O M A I N  F I N D E R
==================================


[i] Total Subdomains Found : 4

[+] Subdomain: www.transparencia.udi.cl
[-] IP: 200.73.54.34

[+] Subdomain: webdisk.udi.cl
[-] IP: 200.73.54.34

[+] Subdomain: cpanel.udi.cl
[-] IP: 200.73.54.34

[+] Subdomain: webmail.udi.cl
[-] IP: 200.73.54.34
######################################################################################################################################
[+] Starting At 2019-11-13 00:38:42.691814
[+] Collecting Information On: https://www.udi.cl/
[#] Status: 200
--------------------------------------------------
[#] Web Server Detected: Apache
[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
- Date: Wed, 13 Nov 2019 05:38:44 GMT
- Server: Apache
- Link: <https://www.udi.cl/wp-json/>; rel="https://api.w.org/"
- Keep-Alive: timeout=5, max=100
- Connection: Keep-Alive
- Transfer-Encoding: chunked
- Content-Type: text/html; charset=UTF-8
--------------------------------------------------
[#] Finding Location..!
[#] status: success
[#] country: Chile
[#] countryCode: CL
[#] region: RM
[#] regionName: Santiago Metropolitan
[#] city: Santiago
[#] zip:
[#] lat: -33.4513
[#] lon: -70.6653
[#] timezone: America/Santiago
[#] isp: IFX Corporation
[#] org: IFX Networks Chile S.A
[#] as: AS18747 IFX Corporation
[#] query: 200.73.54.34
--------------------------------------------------
[x] Didn't Detect WAF Presence on: https://www.udi.cl/
--------------------------------------------------
[#] Starting Reverse DNS
[-] Failed ! Fail
--------------------------------------------------
[!] Scanning Open Port
[#] 21/tcp open ftp
[#] 53/tcp open domain
[#] 80/tcp open http
[#] 110/tcp open pop3
[#] 143/tcp open imap
[#] 443/tcp open https
[#] 465/tcp open smtps
[#] 587/tcp open submission
[#] 993/tcp open imaps
[#] 995/tcp open pop3s
[#] 8080/tcp open http-proxy
--------------------------------------------------
[+] Collecting Information Disclosure!
[#] Detecting sitemap.xml file
[!] sitemap.xml File Found: https://www.udi.cl//sitemap.xml
[#] Detecting robots.txt file
[!] robots.txt File Found: https://www.udi.cl//robots.txt
[#] Detecting GNU Mailman
[!] GNU Mailman App Detected: https://www.udi.cl//mailman/admin
[!] version: 2.1.29
--------------------------------------------------
[+] Crawling Url Parameter On: https://www.udi.cl/
--------------------------------------------------
[#] Searching Html Form !
[-] No Html Form Found!?
--------------------------------------------------
[!] Found 6 dom parameter
[#] https://www.udi.cl//#
[#] https://www.udi.cl//#
[#] https://www.udi.cl//#
[#] https://www.udi.cl//#
[#] https://www.udi.cl//#myCarousel
[#] https://www.udi.cl//#myCarousel
--------------------------------------------------
[!] 1 Internal Dynamic Parameter Discovered
[+] https://twitter.com/udipopular?ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fwww.udi.cl%2Fcategoria%2Fpartido%2F
--------------------------------------------------
[!] 2 External Dynamic Parameter Discovered
[#] http://www.portaltransparencia.cl/PortalPdT/pdtta?codOrganismo=PP026
[#] http://www.portaltransparencia.cl/PortalPdT/pdtta?codOrganismo=PP026
--------------------------------------------------
[!] 48 Internal links Discovered
--------------------------------------------------
[!] 15 External links Discovered
--------------------------------------------------
[#] Mapping Subdomain..
[!] Found 5 Subdomain
- transparencia.udi.cl
- www.transparencia.udi.cl
- webdisk.udi.cl
- cpanel.udi.cl
- webmail.udi.cl
--------------------------------------------------
[!] Done At 2019-11-13 00:39:39.063851
######################################################################################################################################
Trying "udi.cl"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51645
;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;udi.cl. IN ANY

;; ANSWER SECTION:
udi.cl. 14400 IN A 200.73.54.34
udi.cl. 43200 IN SOA ns1.maxtel.cl. jjara.maxtel.cl. 2019110800 3600 7200 1209600 86400
udi.cl. 14400 IN TXT "v=spf1 ip4:200.73.54.34 +a +mx +ip4:200.73.54.36 +ip4:200.111.139.64/29 +ip4:209.173.141.192/26 +ip4:198.57.128.0/17 ~all"
udi.cl. 14400 IN MX 10 alt4.aspmx.l.google.com.
udi.cl. 14400 IN MX 10 alt3.aspmx.l.google.com.
udi.cl. 14400 IN MX 1 aspmx.l.google.com.
udi.cl. 14400 IN MX 5 alt2.aspmx.l.google.com.
udi.cl. 14400 IN MX 5 alt1.aspmx.l.google.com.
udi.cl. 3600 IN NS ns2.maxtel.cl.
udi.cl. 3600 IN NS ns1.maxtel.cl.

;; AUTHORITY SECTION:
udi.cl. 3600 IN NS ns2.maxtel.cl.
udi.cl. 3600 IN NS ns1.maxtel.cl.

;; ADDITIONAL SECTION:
aspmx.l.google.com. 289 IN A 172.217.197.26
ns1.maxtel.cl. 3600 IN A 200.73.54.34

Received 437 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 179 ms
######################################################################################################################################

; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace udi.cl any
;; global options: +cmd
. 81011 IN NS d.root-servers.net.
. 81011 IN NS i.root-servers.net.
. 81011 IN NS b.root-servers.net.
. 81011 IN NS j.root-servers.net.
. 81011 IN NS m.root-servers.net.
. 81011 IN NS k.root-servers.net.
. 81011 IN NS g.root-servers.net.
. 81011 IN NS c.root-servers.net.
. 81011 IN NS e.root-servers.net.
. 81011 IN NS l.root-servers.net.
. 81011 IN NS a.root-servers.net.
. 81011 IN NS h.root-servers.net.
. 81011 IN NS f.root-servers.net.
;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 526 ms

cl. 172800 IN NS b.nic.cl.
cl. 172800 IN NS cl1.dnsnode.net.
cl. 172800 IN NS cl1-tld.d-zone.ca.
cl. 172800 IN NS a.nic.cl.
cl. 172800 IN NS cl2-tld.d-zone.ca.
cl. 172800 IN NS c.nic.cl.
cl. 172800 IN NS cl-ns.anycast.pch.net.
cl. 86400 IN DS 21199 8 2 7D756DFFAB6D3CD9C786FF5C659954C22944FAEF9433EEE26F1D84EB 5370B394
;; Received 816 bytes from 192.36.148.17#53(i.root-servers.net) in 323 ms

udi.cl. 3600 IN NS ns1.maxtel.cl.
udi.cl. 3600 IN NS secundario.nic.cl.
couldn't get address for 'ns1.maxtel.cl': not found
;; Received 620 bytes from 200.16.112.16#53(c.nic.cl) in 357 ms

;; Received 63 bytes from 2001:1398:276:0:200:7:5:7#53(secundario.nic.cl) in 181 ms
######################################################################################################################################
[*] Performing General Enumeration of Domain: udi.cl
[-] DNSSEC is not configured for udi.cl
[*] SOA ns1.maxtel.cl 200.73.54.34
[*] NS ns1.maxtel.cl 200.73.54.34
[*] Bind Version for 200.73.54.34 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
[*] NS ns2.maxtel.cl 200.73.54.34
[*] Bind Version for 200.73.54.34 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
[*] MX alt3.aspmx.l.google.com 108.177.97.26
[*] MX alt1.aspmx.l.google.com 209.85.233.26
[*] MX alt4.aspmx.l.google.com 173.194.202.27
[*] MX alt2.aspmx.l.google.com 142.250.4.26
[*] MX aspmx.l.google.com 64.233.167.27
[*] MX alt3.aspmx.l.google.com 2404:6800:4008:c00::1b
[*] MX alt1.aspmx.l.google.com 2a00:1450:4010:c03::1a
[*] MX alt4.aspmx.l.google.com 2607:f8b0:400e:c00::1a
[*] MX alt2.aspmx.l.google.com 2404:6800:4003:c06::1b
[*] MX aspmx.l.google.com 2a00:1450:400c:c0a::1b
[*] A udi.cl 200.73.54.34
[*] TXT udi.cl v=spf1 ip4:200.73.54.34 +a +mx +ip4:200.73.54.36 +ip4:200.111.139.64/29 +ip4:209.173.141.192/26 +ip4:198.57.128.0/17 ~all
[*] Enumerating SRV Records
[-] No SRV Records Found for udi.cl
[+] 0 Records Found
######################################################################################################################################
[*] Processing domain udi.cl
[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
[+] Getting nameservers
[-] Getting nameservers failed
[-] Zone transfer failed

[+] TXT records found
"v=spf1 ip4:200.73.54.34 +a +mx +ip4:200.73.54.36 +ip4:200.111.139.64/29 +ip4:209.173.141.192/26 +ip4:198.57.128.0/17 ~all"

[+] MX records found, added to target list
10 alt3.aspmx.l.google.com.
5 alt1.aspmx.l.google.com.
10 alt4.aspmx.l.google.com.
5 alt2.aspmx.l.google.com.
1 aspmx.l.google.com.

[*] Scanning udi.cl for A records
200.73.54.34 - udi.cl
200.73.54.34 - cpanel.udi.cl
200.73.54.34 - ftp.udi.cl
200.73.54.34 - webdisk.udi.cl
200.73.54.34 - webmail.udi.cl
200.73.54.34 - whm.udi.cl
200.73.54.34 - www.udi.cl
######################################################################################################################################
 AVAILABLE PLUGINS
 -----------------

 CompressionPlugin
 HeartbleedPlugin
 CertificateInfoPlugin
 OpenSslCipherSuitesPlugin
 RobotPlugin
 HttpHeadersPlugin
 EarlyDataPlugin
 FallbackScsvPlugin
 OpenSslCcsInjectionPlugin
 SessionRenegotiationPlugin
 SessionResumptionPlugin


 CHECKING HOST(S) AVAILABILITY
 -----------------------------

 200.73.54.34:443 => 200.73.54.34


 SCAN RESULTS FOR 200.73.54.34:443 - 200.73.54.34
 ------------------------------------------------

 * SSLV2 Cipher Suites:
 Server rejected all cipher suites.

 * Deflate Compression:
 OK - Compression disabled

 * TLSV1_3 Cipher Suites:
 Server rejected all cipher suites.

 * Downgrade Attacks:
 TLS_FALLBACK_SCSV: OK - Supported

 * Session Renegotiation:
 Client-initiated Renegotiation: OK - Rejected
 Secure Renegotiation: OK - Supported

 * OpenSSL Heartbleed:
 OK - Not vulnerable to Heartbleed

 * Certificate Information:
 Content
 SHA1 Fingerprint: 273ff40829b2aa49bbaad35ebe3ec4314adff7fd
 Common Name: cpanel.maxtel.cl
 Issuer: cPanel, Inc. Certification Authority
 Serial Number: 3588127365141681392803048207968870332
 Not Before: 2018-04-14 00:00:00
 Not After: 2019-04-14 23:59:59
 Signature Algorithm: sha256
 Public Key Algorithm: RSA
 Key Size: 2048
 Exponent: 65537 (0x10001)
 DNS Subject Alternative Names: ['cpanel.maxtel.cl', 'www.cpanel.maxtel.cl']

 Trust
 Hostname Validation: FAILED - Certificate does NOT match 200.73.54.34
 Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: certificate has expired
 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12): FAILED - Certificate is NOT Trusted: certificate has expired
 Java CA Store (jdk-12.0.1): FAILED - Certificate is NOT Trusted: certificate has expired
 Mozilla CA Store (2019-03-14): FAILED - Certificate is NOT Trusted: certificate has expired
 Windows CA Store (2019-05-27): FAILED - Certificate is NOT Trusted: certificate has expired
 Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
 Received Chain: cpanel.maxtel.cl --> cPanel, Inc. Certification Authority --> COMODO RSA Certification Authority
 Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
 Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
 Received Chain Order: OK - Order is valid
 Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)

 Extensions
 OCSP Must-Staple: NOT SUPPORTED - Extension not found
 Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more

 OCSP Stapling
 NOT SUPPORTED - Server did not send back an OCSP response

 * TLSV1_1 Cipher Suites:
 Forward Secrecy OK - Supported
 RC4 OK - Not Supported

 Preferred:
 None - Server followed client cipher suite preference.
 Accepted:
 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK

 * ROBOT Attack:
 OK - Not vulnerable

 * TLSV1_2 Cipher Suites:
 Forward Secrecy OK - Supported
 RC4 OK - Not Supported

 Preferred:
 None - Server followed client cipher suite preference.
 Accepted:
 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 200 OK
 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK

 * TLS 1.2 Session Resumption Support:
 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
 With TLS Tickets: OK - Supported

 * OpenSSL CCS Injection:
 OK - Not vulnerable to OpenSSL CCS injection

 * SSLV3 Cipher Suites:
 Server rejected all cipher suites.

 * TLSV1 Cipher Suites:
 Forward Secrecy OK - Supported
 RC4 OK - Not Supported

 Preferred:
 None - Server followed client cipher suite preference.
 Accepted:
 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK


 SCAN COMPLETED IN 52.41 S
 -------------------------
######################################################################################################################################
Domains still to check: 1
 Checking if the hostname udi.cl. given is in fact a domain...

Analyzing domain: udi.cl.
 Checking NameServers using system default resolver...
 IP: 200.73.54.34 (Chile)
 HostName: ns1.maxtel.cl Type: NS
 HostName: mail.maxtel.cl Type: PTR
 IP: 200.73.54.34 (Chile)
 HostName: ns1.maxtel.cl Type: NS
 HostName: mail.maxtel.cl Type: PTR
 HostName: ns2.maxtel.cl Type: NS

 Checking MailServers using system default resolver...
 IP: 108.177.97.26 (United States)
 HostName: alt3.aspmx.l.google.com Type: MX
 HostName: tm-in-f26.1e100.net Type: PTR
 IP: 209.85.233.27 (United States)
 HostName: alt1.aspmx.l.google.com Type: MX
 HostName: lr-in-f27.1e100.net Type: PTR
 IP: 173.194.202.27 (United States)
 HostName: alt4.aspmx.l.google.com Type: MX
 HostName: pf-in-f27.1e100.net Type: PTR
 IP: 142.250.4.26 (United States)
 HostName: alt2.aspmx.l.google.com Type: MX
 IP: 74.125.206.27 (United States)
 HostName: aspmx.l.google.com Type: MX
 HostName: wk-in-f27.1e100.net Type: PTR

 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
 No zone transfer found on nameserver 200.73.54.34
 No zone transfer found on nameserver 200.73.54.34

 Checking SPF record...
 New IP found: 200.73.54.36
 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 200.111.139.64/29, but only the network IP
 New IP found: 200.111.139.64
 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 209.173.141.192/26, but only the network IP
 New IP found: 209.173.141.192
 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 198.57.128.0/17, but only the network IP
 New IP found: 198.57.128.0

 Checking 192 most common hostnames using system default resolver...
 IP: 200.73.54.34 (Chile)
 HostName: ns1.maxtel.cl Type: NS
 HostName: mail.maxtel.cl Type: PTR
 HostName: ns2.maxtel.cl Type: NS
 Type: SPF
 HostName: www.udi.cl. Type: A
 IP: 200.73.54.34 (Chile)
 HostName: ns1.maxtel.cl Type: NS
 HostName: mail.maxtel.cl Type: PTR
 HostName: ns2.maxtel.cl Type: NS
 Type: SPF
 HostName: www.udi.cl. Type: A
 HostName: ftp.udi.cl. Type: A
 IP: 200.73.54.34 (Chile)
 HostName: ns1.maxtel.cl Type: NS
 HostName: mail.maxtel.cl Type: PTR
 HostName: ns2.maxtel.cl Type: NS
 Type: SPF
 HostName: www.udi.cl. Type: A
 HostName: ftp.udi.cl. Type: A
 HostName: webmail.udi.cl. Type: A

 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
 Checking netblock 200.111.139.0
 Checking netblock 198.57.128.0
 Checking netblock 209.173.141.0
 Checking netblock 200.73.54.0
 Checking netblock 74.125.206.0
 Checking netblock 142.250.4.0
 Checking netblock 209.85.233.0
 Checking netblock 108.177.97.0
 Checking netblock 173.194.202.0

 Searching for udi.cl. emails in Google
 secretariageneral@udi.cl.
 vnieto@udi.cl

 Checking 10 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
 Host 200.111.139.64 is up (reset ttl 64)
 Host 198.57.128.0 is up (reset ttl 64)
 Host 209.173.141.192 is up (reset ttl 64)
 Host 200.73.54.36 is up (reset ttl 64)
 Host 74.125.206.27 is up (echo-reply ttl 43)
 Host 142.250.4.26 is up (reset ttl 64)
 Host 209.85.233.27 is up (reset ttl 64)
 Host 200.73.54.34 is up (reset ttl 64)
 Host 108.177.97.26 is up (reset ttl 64)
 Host 173.194.202.27 is up (reset ttl 64)

 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
 Scanning ip 200.111.139.64 ():
 Scanning ip 198.57.128.0 ():
 Scanning ip 209.173.141.192 ():
 Scanning ip 200.73.54.36 ():
 80/tcp open http syn-ack ttl 117 Microsoft IIS httpd 10.0
 | http-methods:
 | Supported Methods: OPTIONS TRACE GET HEAD POST
 |_ Potentially risky methods: TRACE
 |_http-server-header: Microsoft-IIS/10.0
 |_http-title: IIS Windows Server
 OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
 Scanning ip 74.125.206.27 (wk-in-f27.1e100.net (PTR)):
 Scanning ip 142.250.4.26 (alt2.aspmx.l.google.com):
 Scanning ip 209.85.233.27 (lr-in-f27.1e100.net (PTR)):
 Scanning ip 200.73.54.34 (webmail.udi.cl.):
 21/tcp open ftp syn-ack ttl 53 Pure-FTPd
 | ssl-cert: Subject: commonName=cpanel.maxtel.cl
 | Subject Alternative Name: DNS:cpanel.maxtel.cl, DNS:www.cpanel.maxtel.cl
 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
 | Public Key type: rsa
 | Public Key bits: 2048
 | Signature Algorithm: sha256WithRSAEncryption
 | Not valid before: 2019-03-21T00:00:00
 | Not valid after: 2020-03-20T23:59:59
 | MD5: 6242 4135 c7d7 9360 e0d0 ce2a 00b7 ebf2
 |_SHA-1: db1d 2504 45ed 5617 0259 e6c1 7025 a590 5e2c 9903
 |_ssl-date: 2019-11-13T06:03:30+00:00; -1s from scanner time.
 53/tcp open domain syn-ack ttl 53 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
805 | dns-nsid:
806 |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
807 80/tcp open http syn-ack ttl 53 Apache httpd
808 | http-methods:
809 |_ Supported Methods: GET POST OPTIONS HEAD
810 |_http-server-header: Apache
811 |_http-title: Site doesn't have a title (text/html).
812 110/tcp open pop3 syn-ack ttl 53 Dovecot pop3d
813 |_pop3-capabilities: RESP-CODES USER TOP STLS AUTH-RESP-CODE UIDL SASL(PLAIN LOGIN) PIPELINING CAPA
814 |_ssl-date: 2019-11-13T06:03:29+00:00; -1s from scanner time.
815 143/tcp open imap syn-ack ttl 53 Dovecot imapd
816 |_imap-capabilities: listed IDLE post-login SASL-IR AUTH=PLAIN AUTH=LOGINA0001 Pre-login NAMESPACE capabilities IMAP4rev1 LITERAL+ LOGIN-REFERRALS more have STARTTLS ENABLE OK ID
817 |_ssl-date: 2019-11-13T06:03:30+00:00; -1s from scanner time.
818 443/tcp open ssl/http syn-ack ttl 53 Apache httpd
819 | http-methods:
820 |_ Supported Methods: GET POST OPTIONS HEAD
821 |_http-server-header: Apache
822 |_http-title: Site doesn't have a title (text/html).
823 | ssl-cert: Subject: commonName=cpanel.maxtel.cl
824 | Subject Alternative Name: DNS:cpanel.maxtel.cl, DNS:www.cpanel.maxtel.cl
825 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
826 | Public Key type: rsa
827 | Public Key bits: 2048
828 | Signature Algorithm: sha256WithRSAEncryption
829 | Not valid before: 2018-04-14T00:00:00
830 | Not valid after: 2019-04-14T23:59:59
831 | MD5: c339 947f d901 3eb0 1c65 68fa ce87 a842
832 |_SHA-1: 273f f408 29b2 aa49 bbaa d35e be3e c431 4adf f7fd
833 |_ssl-date: TLS randomness does not represent time
834 | tls-alpn:
835 |_ http/1.1
836 465/tcp open ssl/smtp syn-ack ttl 53 Exim smtpd 4.92
837 | smtp-commands: cpanel.maxtel.cl Hello nmap.scanme.org [160.116.0.101], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
838 |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
839 | ssl-cert: Subject: commonName=cpanel.maxtel.cl
840 | Subject Alternative Name: DNS:cpanel.maxtel.cl, DNS:www.cpanel.maxtel.cl
841 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
842 | Public Key type: rsa
843 | Public Key bits: 2048
844 | Signature Algorithm: sha256WithRSAEncryption
845 | Not valid before: 2019-03-21T00:00:00
846 | Not valid after: 2020-03-20T23:59:59
847 | MD5: 6242 4135 c7d7 9360 e0d0 ce2a 00b7 ebf2
848 |_SHA-1: db1d 2504 45ed 5617 0259 e6c1 7025 a590 5e2c 9903
849 |_ssl-date: 2019-11-13T06:03:28+00:00; -1s from scanner time.
850 | vulners:
851 | cpe:/a:exim:exim:4.92:
852 | CVE-2019-15846 10.0 https://vulners.com/cve/CVE-2019-15846
853 | CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
854 |_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
855 587/tcp open smtp syn-ack ttl 53 Exim smtpd 4.92
856 | smtp-commands: cpanel.maxtel.cl Hello nmap.scanme.org [160.116.0.101], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
857 |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
858 | ssl-cert: Subject: commonName=cpanel.maxtel.cl
859 | Subject Alternative Name: DNS:cpanel.maxtel.cl, DNS:www.cpanel.maxtel.cl
860 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
861 | Public Key type: rsa
862 | Public Key bits: 2048
863 | Signature Algorithm: sha256WithRSAEncryption
864 | Not valid before: 2019-03-21T00:00:00
865 | Not valid after: 2020-03-20T23:59:59
866 | MD5: 6242 4135 c7d7 9360 e0d0 ce2a 00b7 ebf2
867 |_SHA-1: db1d 2504 45ed 5617 0259 e6c1 7025 a590 5e2c 9903
868 |_ssl-date: 2019-11-13T06:03:29+00:00; -2s from scanner time.
869 | vulners:
870 | cpe:/a:exim:exim:4.92:
871 | CVE-2019-15846 10.0 https://vulners.com/cve/CVE-2019-15846
872 | CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
873 |_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
874 993/tcp open ssl/imaps? syn-ack ttl 53
875 |_ssl-date: 2019-11-13T06:03:29+00:00; -1s from scanner time.
876 995/tcp open ssl/pop3s? syn-ack ttl 53
877 |_ssl-date: 2019-11-13T06:03:28+00:00; -1s from scanner time.
878 8080/tcp open http syn-ack ttl 117 Indy httpd 19.4.52.3515 (Paessler PRTG bandwidth monitor)
879 |_http-favicon: Unknown favicon MD5: 36B3EF286FA4BEFBB797A0966B456479
880 | http-methods:
881 |_ Supported Methods: GET HEAD POST OPTIONS
882 |_http-open-proxy: Proxy might be redirecting requests
883 |_http-server-header: PRTG/19.4.52.3515
884 | http-title: Bienvenido | PRTG Network Monitor Maxtel
885 |_Requested resource was /index.htm
886 |_http-trane-info: Problem with XML parsing of /evox/about
887 Device type: general purpose|storage-misc|broadband router|router|WAP
888 Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Ubiquiti embedded (89%), Ubiquiti AirOS 5.X (89%), Netgear RAIDiator 4.X (87%)
889 OS Info: Service Info: Host: cpanel.maxtel.cl; OSs: Linux, Windows; CPE: cpe:/o:redhat:enterprise_linux:6, cpe:/o:microsoft:windows
890 |_clock-skew: mean: -1s, deviation: 0s, median: -1s
891 Scanning ip 108.177.97.26 (tm-in-f26.1e100.net (PTR)):
892 Scanning ip 173.194.202.27 (pf-in-f27.1e100.net (PTR)):
893 WebCrawling domain's web servers... up to 50 max links.
894
895 + URL to crawl: http://ftp.udi.cl.
896 + Date: 2019-11-13
897
898 + Crawling URL: http://ftp.udi.cl.:
899 + Links:
900 + Crawling http://ftp.udi.cl. (REDIRECTING TO: /cgi-sys/defaultwebpage.cgi)
901 + Searching for directories...
902 + Searching open folders...
903
904
905 + URL to crawl: http://ns1.maxtel.cl
906 + Date: 2019-11-13
907
908 + Crawling URL: http://ns1.maxtel.cl:
909 + Links:
910 + Crawling http://ns1.maxtel.cl (REDIRECTING TO: /cgi-sys/defaultwebpage.cgi)
911 + Searching for directories...
912 + Searching open folders...
913
914
915 + URL to crawl: http://ns2.maxtel.cl
916 + Date: 2019-11-13
917
918 + Crawling URL: http://ns2.maxtel.cl:
919 + Links:
920 + Crawling http://ns2.maxtel.cl (REDIRECTING TO: /cgi-sys/defaultwebpage.cgi)
921 + Searching for directories...
922 + Searching open folders...
923
924
925 + URL to crawl: http://www.udi.cl.
926 + Date: 2019-11-13
927
928 + Crawling URL: http://www.udi.cl.:
929 + Links:
930 + Crawling http://www.udi.cl. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
931 + Searching for directories...
932 + Searching open folders...
933
934
935 + URL to crawl: http://webmail.udi.cl.
936 + Date: 2019-11-13
937
938 + Crawling URL: http://webmail.udi.cl.:
939 + Links:
940 + Crawling http://webmail.udi.cl.
941 + Crawling http://webmail.udi.cl./?locale=ar
942 + Crawling http://webmail.udi.cl./?locale=bg
943 + Crawling http://webmail.udi.cl./?locale=cs
944 + Crawling http://webmail.udi.cl./?locale=da
945 + Crawling http://webmail.udi.cl./?locale=de
946 + Crawling http://webmail.udi.cl./?locale=el
947 + Crawling http://webmail.udi.cl./?locale=en
948 + Crawling http://webmail.udi.cl./?locale=es
949 + Crawling http://webmail.udi.cl./?locale=es_419
950 + Crawling http://webmail.udi.cl./?locale=es_es
951 + Crawling http://webmail.udi.cl./?locale=fi
952 + Crawling http://webmail.udi.cl./?locale=fil
953 + Crawling http://webmail.udi.cl./?locale=fr
954 + Crawling http://webmail.udi.cl./?locale=he
955 + Crawling http://webmail.udi.cl./?locale=hu
956 + Crawling http://webmail.udi.cl./?locale=i_cpanel_snowmen
957 + Crawling http://webmail.udi.cl./?locale=i_en
958 + Crawling http://webmail.udi.cl./?locale=id
959 + Crawling http://webmail.udi.cl./?locale=it
960 + Crawling http://webmail.udi.cl./?locale=ja
961 + Crawling http://webmail.udi.cl./?locale=ko
962 + Crawling http://webmail.udi.cl./?locale=ms
963 + Crawling http://webmail.udi.cl./?locale=nb
964 + Crawling http://webmail.udi.cl./?locale=nl
965 + Crawling http://webmail.udi.cl./?locale=no
966 + Crawling http://webmail.udi.cl./?locale=pl
967 + Crawling http://webmail.udi.cl./?locale=pt
968 + Crawling http://webmail.udi.cl./?locale=pt_br
969 + Crawling http://webmail.udi.cl./?locale=ro
970 + Crawling http://webmail.udi.cl./?locale=ru
971 + Crawling http://webmail.udi.cl./?locale=sl
972 + Crawling http://webmail.udi.cl./?locale=sv
973 + Crawling http://webmail.udi.cl./?locale=th
974 + Crawling http://webmail.udi.cl./?locale=tr
975 + Crawling http://webmail.udi.cl./?locale=uk
976 + Crawling http://webmail.udi.cl./?locale=vi
977 + Crawling http://webmail.udi.cl./?locale=zh
978 + Crawling http://webmail.udi.cl./?locale=zh_cn
979 + Crawling http://webmail.udi.cl./?locale=zh_tw
980 + Crawling http://webmail.udi.cl./cPanel_magic_revision_1464283934/unprotected/cpanel/images/webmail-logo.svg (File! Not crawling it.)
981 + Crawling https://webmail.udi.cl./resetpass?start=1
982 + Crawling http://webmail.udi.cl./?locale=ar/?locale=bg
983 + Crawling http://webmail.udi.cl./?locale=ar/?locale=cs
984 + Crawling http://webmail.udi.cl./?locale=ar/?locale=da
985 + Crawling http://webmail.udi.cl./?locale=ar/?locale=de
986 + Crawling http://webmail.udi.cl./?locale=ar/?locale=el
987 + Crawling http://webmail.udi.cl./?locale=ar/?locale=en
988 + Crawling http://webmail.udi.cl./?locale=ar/?locale=es
989 + Crawling http://webmail.udi.cl./?locale=ar/?locale=es_419
990 + Crawling http://webmail.udi.cl./?locale=ar/?locale=es_es
991 + Searching for directories...
992 - Found: http://webmail.udi.cl./?locale=ar/
993 - Found: http://webmail.udi.cl./cPanel_magic_revision_1386192030/
994 - Found: http://webmail.udi.cl./cPanel_magic_revision_1386192030/unprotected/
995 - Found: http://webmail.udi.cl./cPanel_magic_revision_1386192030/unprotected/cpanel/
996 - Found: http://webmail.udi.cl./cPanel_magic_revision_1386192030/unprotected/cpanel/fonts/
997 - Found: http://webmail.udi.cl./cPanel_magic_revision_1386192030/unprotected/cpanel/fonts/open_sans/
998 - Found: http://webmail.udi.cl./cPanel_magic_revision_1573089464/
999 - Found: http://webmail.udi.cl./cPanel_magic_revision_1573089464/unprotected/
1000 - Found: http://webmail.udi.cl./cPanel_magic_revision_1573089464/unprotected/cpanel/
1001 - Found: http://webmail.udi.cl./cPanel_magic_revision_1464283934/
1002 - Found: http://webmail.udi.cl./cPanel_magic_revision_1464283934/unprotected/
1003 - Found: http://webmail.udi.cl./cPanel_magic_revision_1464283934/unprotected/cpanel/
1004 - Found: http://webmail.udi.cl./cPanel_magic_revision_1464283934/unprotected/cpanel/images/
1005 + Searching open folders...
1006 - http://webmail.udi.cl./?locale=ar/ (No Open Folder)
1007 - http://webmail.udi.cl./cPanel_magic_revision_1386192030/ (No Open Folder)
1008 - http://webmail.udi.cl./cPanel_magic_revision_1386192030/unprotected/ (404 Not Found)
1009 - http://webmail.udi.cl./cPanel_magic_revision_1386192030/unprotected/cpanel/ (404 Not Found)
1010 - http://webmail.udi.cl./cPanel_magic_revision_1386192030/unprotected/cpanel/fonts/ (404 Not Found)
1011 - http://webmail.udi.cl./cPanel_magic_revision_1386192030/unprotected/cpanel/fonts/open_sans/ (404 Not Found)
1012 - http://webmail.udi.cl./cPanel_magic_revision_1573089464/ (No Open Folder)
1013 - http://webmail.udi.cl./cPanel_magic_revision_1573089464/unprotected/ (404 Not Found)
1014 - http://webmail.udi.cl./cPanel_magic_revision_1573089464/unprotected/cpanel/ (404 Not Found)
1015 - http://webmail.udi.cl./cPanel_magic_revision_1464283934/ (No Open Folder)
1016 - http://webmail.udi.cl./cPanel_magic_revision_1464283934/unprotected/ (404 Not Found)
1017 - http://webmail.udi.cl./cPanel_magic_revision_1464283934/unprotected/cpanel/ (404 Not Found)
1018 - http://webmail.udi.cl./cPanel_magic_revision_1464283934/unprotected/cpanel/images/ (404 Not Found)
1019 + Crawl finished successfully.
1020----------------------------------------------------------------------
1021Summary of http://http://webmail.udi.cl.
1022----------------------------------------------------------------------
1023+ Links crawled:
1024 - http://webmail.udi.cl.
1025 - http://webmail.udi.cl./?locale=ar
1026 - http://webmail.udi.cl./?locale=ar/?locale=bg
1027 - http://webmail.udi.cl./?locale=ar/?locale=cs
1028 - http://webmail.udi.cl./?locale=ar/?locale=da
1029 - http://webmail.udi.cl./?locale=ar/?locale=de
1030 - http://webmail.udi.cl./?locale=ar/?locale=el
1031 - http://webmail.udi.cl./?locale=ar/?locale=en
1032 - http://webmail.udi.cl./?locale=ar/?locale=es
1033 - http://webmail.udi.cl./?locale=ar/?locale=es_419
1034 - http://webmail.udi.cl./?locale=ar/?locale=es_es
1035 - http://webmail.udi.cl./?locale=bg
1036 - http://webmail.udi.cl./?locale=cs
1037 - http://webmail.udi.cl./?locale=da
1038 - http://webmail.udi.cl./?locale=de
1039 - http://webmail.udi.cl./?locale=el
1040 - http://webmail.udi.cl./?locale=en
1041 - http://webmail.udi.cl./?locale=es
1042 - http://webmail.udi.cl./?locale=es_419
1043 - http://webmail.udi.cl./?locale=es_es
1044 - http://webmail.udi.cl./?locale=fi
1045 - http://webmail.udi.cl./?locale=fil
1046 - http://webmail.udi.cl./?locale=fr
1047 - http://webmail.udi.cl./?locale=he
1048 - http://webmail.udi.cl./?locale=hu
1049 - http://webmail.udi.cl./?locale=i_cpanel_snowmen
1050 - http://webmail.udi.cl./?locale=i_en
1051 - http://webmail.udi.cl./?locale=id
1052 - http://webmail.udi.cl./?locale=it
1053 - http://webmail.udi.cl./?locale=ja
1054 - http://webmail.udi.cl./?locale=ko
1055 - http://webmail.udi.cl./?locale=ms
1056 - http://webmail.udi.cl./?locale=nb
1057 - http://webmail.udi.cl./?locale=nl
1058 - http://webmail.udi.cl./?locale=no
1059 - http://webmail.udi.cl./?locale=pl
1060 - http://webmail.udi.cl./?locale=pt
1061 - http://webmail.udi.cl./?locale=pt_br
1062 - http://webmail.udi.cl./?locale=ro
1063 - http://webmail.udi.cl./?locale=ru
1064 - http://webmail.udi.cl./?locale=sl
1065 - http://webmail.udi.cl./?locale=sv
1066 - http://webmail.udi.cl./?locale=th
1067 - http://webmail.udi.cl./?locale=tr
1068 - http://webmail.udi.cl./?locale=uk
1069 - http://webmail.udi.cl./?locale=vi
1070 - http://webmail.udi.cl./?locale=zh
1071 - http://webmail.udi.cl./?locale=zh_cn
1072 - http://webmail.udi.cl./?locale=zh_tw
1073 Total links crawled: 49
1074
1075+ Links to files found:
1076 - http://webmail.udi.cl./cPanel_magic_revision_1386192030/unprotected/cpanel/fonts/open_sans/open_sans.min.css
1077 - http://webmail.udi.cl./cPanel_magic_revision_1464283934/unprotected/cpanel/images/notice-error.png
1078 - http://webmail.udi.cl./cPanel_magic_revision_1464283934/unprotected/cpanel/images/webmail-logo.svg
1079 - http://webmail.udi.cl./cPanel_magic_revision_1573089464/unprotected/cpanel/style_v2_optimized.css
1080 Total links to files: 4
1081
1082+ Externals links found:
1083 - data:image/x-icon;base64,[inline favicon data omitted]
1084 - https://go.cpanel.net/privacy
1085 Total external links: 2
1086
1087+ Email addresses found:
1088 Total email address found: 0
1089
1090+ Directories found:
1091 - http://webmail.udi.cl./?locale=ar/ (No open folder)
1092 - http://webmail.udi.cl./cPanel_magic_revision_1386192030/ (No open folder)
1093 - http://webmail.udi.cl./cPanel_magic_revision_1386192030/unprotected/ (404 Not Found)
1094 - http://webmail.udi.cl./cPanel_magic_revision_1386192030/unprotected/cpanel/ (404 Not Found)
1095 - http://webmail.udi.cl./cPanel_magic_revision_1386192030/unprotected/cpanel/fonts/ (404 Not Found)
1096 - http://webmail.udi.cl./cPanel_magic_revision_1386192030/unprotected/cpanel/fonts/open_sans/ (404 Not Found)
1097 - http://webmail.udi.cl./cPanel_magic_revision_1464283934/ (No open folder)
1098 - http://webmail.udi.cl./cPanel_magic_revision_1464283934/unprotected/ (404 Not Found)
1099 - http://webmail.udi.cl./cPanel_magic_revision_1464283934/unprotected/cpanel/ (404 Not Found)
1100 - http://webmail.udi.cl./cPanel_magic_revision_1464283934/unprotected/cpanel/images/ (404 Not Found)
1101 - http://webmail.udi.cl./cPanel_magic_revision_1573089464/ (No open folder)
1102 - http://webmail.udi.cl./cPanel_magic_revision_1573089464/unprotected/ (404 Not Found)
1103 - http://webmail.udi.cl./cPanel_magic_revision_1573089464/unprotected/cpanel/ (404 Not Found)
1104 Total directories: 13
1105
1106+ Directory indexing found:
1107 Total directories with indexing: 0
1108
1109----------------------------------------------------------------------
1110
1111
1112 + URL to crawl: https://ftp.udi.cl.
1113 + Date: 2019-11-13
1114
1115 + Crawling URL: https://ftp.udi.cl.:
1116 + Links:
1117 + Crawling https://ftp.udi.cl. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
1118 + Searching for directories...
1119 + Searching open folders...
1120
1121
1122 + URL to crawl: https://ns1.maxtel.cl
1123 + Date: 2019-11-13
1124
1125 + Crawling URL: https://ns1.maxtel.cl:
1126 + Links:
1127 + Crawling https://ns1.maxtel.cl ([Errno -2] Name or service not known)
1128 + Searching for directories...
1129 + Searching open folders...
1130
1131
1132 + URL to crawl: https://ns2.maxtel.cl
1133 + Date: 2019-11-13
1134
1135 + Crawling URL: https://ns2.maxtel.cl:
1136 + Links:
1137 + Crawling https://ns2.maxtel.cl ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
1138 + Searching for directories...
1139 + Searching open folders...
1140
1141
1142 + URL to crawl: https://www.udi.cl.
1143 + Date: 2019-11-13
1144
1145 + Crawling URL: https://www.udi.cl.:
1146 + Links:
1147 + Crawling https://www.udi.cl. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
1148 + Searching for directories...
1149 + Searching open folders...
1150
1151
1152 + URL to crawl: https://webmail.udi.cl.
1153 + Date: 2019-11-13
1154
1155 + Crawling URL: https://webmail.udi.cl.:
1156 + Links:
1157 + Crawling https://webmail.udi.cl.
1158 + Searching for directories...
1159 + Searching open folders...
1160
1161
1162 + URL to crawl: http://ftp.udi.cl.:8080
1163 + Date: 2019-11-13
1164
1165 + Crawling URL: http://ftp.udi.cl.:8080:
1166 + Links:
1167 + Crawling http://ftp.udi.cl.:8080
1168 + Crawling http://ftp.udi.cl.:8080/public/manifest.json.htm
1169 + Crawling http://ftp.udi.cl.:8080/css/prtgmini.css?prtgversion=19.4.52.3515__ (File! Not crawling it.)
1170 + Crawling http://ftp.udi.cl.:8080/downloads.htm
1171 + Crawling http://ftp.udi.cl.:8080/public/forgotpassword.htm
1172 + Crawling http://ftp.udi.cl.:8080/help/login.htm
1173 + Crawling http://ftp.udi.cl.:8080/home
1174 + Crawling http://ftp.udi.cl.:8080/css/prtg0.css?prtgversion=19.4.52.3515 (File! Not crawling it.)
1175 + Crawling http://ftp.udi.cl.:8080/css/manuals.css?prtgversion=19.4.52.3515 (File! Not crawling it.)
1176 + Crawling http://ftp.udi.cl.:8080/javascript/lib/jquery.js?prtgversion=19.4.52.3515&language=sp (File! Not crawling it.)
1177 + Crawling http://ftp.udi.cl.:8080/help/introduction.htm
1178 + Crawling http://ftp.udi.cl.:8080/help/about_this_document.htm
1179 + Crawling http://ftp.udi.cl.:8080/help/key_features.htm
1180 + Crawling http://ftp.udi.cl.:8080/help/new_in_this_version.htm
1181 + Crawling http://ftp.udi.cl.:8080/help/available_licenses.htm
1182 + Crawling http://ftp.udi.cl.:8080/help/system_requirements.htm
1183 + Crawling http://ftp.udi.cl.:8080/help/detailed_system_requirements.htm
1184 + Crawling http://ftp.udi.cl.:8080/help/introduction_monitoring_with_prtg.htm
1185 + Crawling http://ftp.udi.cl.:8080/help/quick_start_guide.htm ([Errno 111] Connection refused)
1186 + Crawling http://ftp.udi.cl.:8080/help/one_download_and_installation.htm ([Errno 111] Connection refused)
1187 + Crawling http://ftp.udi.cl.:8080/help/smart_setup.htm ([Errno 111] Connection refused)
1188 + Crawling http://ftp.udi.cl.:8080/help/using_prtg_in_the_cloud.htm ([Errno 111] Connection refused)
1189 + Crawling http://ftp.udi.cl.:8080/help/create_a_prtg_in_the_cloud_instance.htm ([Errno 111] Connection refused)
1190 + Crawling http://ftp.udi.cl.:8080/help/manage_a_prtg_in_the_cloud_subscription.htm ([Errno 111] Connection refused)
1191 + Crawling http://ftp.udi.cl.:8080/help/installation.htm ([Errno 111] Connection refused)
1192 + Crawling http://ftp.udi.cl.:8080/help/download.htm ([Errno 111] Connection refused)
1193 + Crawling http://ftp.udi.cl.:8080/help/update_from_previous_versions.htm ([Errno 111] Connection refused)
1194 + Crawling http://ftp.udi.cl.:8080/help/install_a_prtg_core_server.htm ([Errno 111] Connection refused)
1195 + Crawling http://ftp.udi.cl.:8080/help/install_a_prtg_cluster.htm ([Errno 111] Connection refused)
1196 + Crawling http://ftp.udi.cl.:8080/help/enter_license_key.htm ([Errno 111] Connection refused)
1197 + Crawling http://ftp.udi.cl.:8080/help/activate_the_product.htm ([Errno 111] Connection refused)
1198 + Crawling http://ftp.udi.cl.:8080/help/install_a_prtg_remote_probe.htm ([Errno 111] Connection refused)
1199 + Crawling http://ftp.udi.cl.:8080/help/install_the_enterprise_console.htm ([Errno 111] Connection refused)
1200 + Crawling http://ftp.udi.cl.:8080/help/uninstall.htm ([Errno 111] Connection refused)
1201 + Crawling http://ftp.udi.cl.:8080/help/understanding_basic_concepts.htm ([Errno 111] Connection refused)
1202 + Crawling http://ftp.udi.cl.:8080/help/architecture.htm ([Errno 111] Connection refused)
1203 + Crawling http://ftp.udi.cl.:8080/help/clustering.htm ([Errno 111] Connection refused)
1204 + Crawling http://ftp.udi.cl.:8080/help/object_hierarchy.htm ([Errno 111] Connection refused)
1205 + Crawling http://ftp.udi.cl.:8080/help/inheritance_of_settings.htm ([Errno 111] Connection refused)
1206 + Crawling http://ftp.udi.cl.:8080/help/tags.htm ([Errno 111] Connection refused)
1207 + Crawling http://ftp.udi.cl.:8080/help/dependencies.htm ([Errno 111] Connection refused)
1208 + Crawling http://ftp.udi.cl.:8080/help/scheduling.htm ([Errno 111] Connection refused)
1209 + Crawling http://ftp.udi.cl.:8080/help/notifying.htm ([Errno 111] Connection refused)
1210 + Crawling http://ftp.udi.cl.:8080/help/alerts.htm ([Errno 111] Connection refused)
1211 + Crawling http://ftp.udi.cl.:8080/help/user_access_rights.htm (timed out)
1212 + Crawling http://ftp.udi.cl.:8080/help/data_reporting.htm (timed out)
1213 + Crawling http://ftp.udi.cl.:8080/help/ipv6.htm (timed out)
1214 + Crawling http://ftp.udi.cl.:8080/help/ajax_gui_basic.htm ([Errno 113] No route to host)
1215 + Crawling http://ftp.udi.cl.:8080/help/ssl_certificate_warning.htm ([Errno 113] No route to host)
1216 + Crawling http://ftp.udi.cl.:8080/help/welcome_page.htm ([Errno 113] No route to host)
1217 + Crawling http://ftp.udi.cl.:8080/help/customer_service.htm ([Errno 113] No route to host)
1218 + Crawling http://ftp.udi.cl.:8080/help/general_layout.htm ([Errno 111] Connection refused)
1219 + Crawling http://ftp.udi.cl.:8080/help/sensor_states.htm ([Errno 111] Connection refused)
1220 + Crawling http://ftp.udi.cl.:8080/help/review_monitoring_data.htm ([Errno 111] Connection refused)
1221 + Searching for directories...
1222 - Found: http://ftp.udi.cl.:8080/public/
1223 - Found: http://ftp.udi.cl.:8080/help/
1224 - Found: http://ftp.udi.cl.:8080/images/
1225 - Found: http://ftp.udi.cl.:8080/css/
1226 - Found: http://ftp.udi.cl.:8080/javascript/
1227 - Found: http://ftp.udi.cl.:8080/javascript/lib/
1228 + Searching open folders...
1229 - http://ftp.udi.cl.:8080/public/ ([Errno 111] Connection refused)
1230 > Problems in searching for open folders or crawling again the folders with indexing.
1231
1232 + Crawl finished successfully.
1233----------------------------------------------------------------------
1234Summary of http://http://ftp.udi.cl.:8080
1235----------------------------------------------------------------------
1236+ Links crawled:
1237 - http://ftp.udi.cl.:8080
1238 - http://ftp.udi.cl.:8080/downloads.htm
1239 - http://ftp.udi.cl.:8080/help/about_this_document.htm
1240 - http://ftp.udi.cl.:8080/help/activate_the_product.htm ([Errno 111] Connection refused)
1241 - http://ftp.udi.cl.:8080/help/ajax_gui_basic.htm ([Errno 113] No route to host)
1242 - http://ftp.udi.cl.:8080/help/alerts.htm ([Errno 111] Connection refused)
1243 - http://ftp.udi.cl.:8080/help/architecture.htm ([Errno 111] Connection refused)
1244 - http://ftp.udi.cl.:8080/help/available_licenses.htm
1245 - http://ftp.udi.cl.:8080/help/clustering.htm ([Errno 111] Connection refused)
1246 - http://ftp.udi.cl.:8080/help/create_a_prtg_in_the_cloud_instance.htm ([Errno 111] Connection refused)
1247 - http://ftp.udi.cl.:8080/help/customer_service.htm ([Errno 113] No route to host)
1248 - http://ftp.udi.cl.:8080/help/data_reporting.htm (timed out)
1249 - http://ftp.udi.cl.:8080/help/dependencies.htm ([Errno 111] Connection refused)
1250 - http://ftp.udi.cl.:8080/help/detailed_system_requirements.htm
1251 - http://ftp.udi.cl.:8080/help/download.htm ([Errno 111] Connection refused)
1252 - http://ftp.udi.cl.:8080/help/enter_license_key.htm ([Errno 111] Connection refused)
1253 - http://ftp.udi.cl.:8080/help/general_layout.htm ([Errno 111] Connection refused)
1254 - http://ftp.udi.cl.:8080/help/inheritance_of_settings.htm ([Errno 111] Connection refused)
1255 - http://ftp.udi.cl.:8080/help/install_a_prtg_cluster.htm ([Errno 111] Connection refused)
1256 - http://ftp.udi.cl.:8080/help/install_a_prtg_core_server.htm ([Errno 111] Connection refused)
1257 - http://ftp.udi.cl.:8080/help/install_a_prtg_remote_probe.htm ([Errno 111] Connection refused)
1258 - http://ftp.udi.cl.:8080/help/install_the_enterprise_console.htm ([Errno 111] Connection refused)
1259 - http://ftp.udi.cl.:8080/help/installation.htm ([Errno 111] Connection refused)
1260 - http://ftp.udi.cl.:8080/help/introduction.htm
1261 - http://ftp.udi.cl.:8080/help/introduction_monitoring_with_prtg.htm
1262 - http://ftp.udi.cl.:8080/help/ipv6.htm (timed out)
1263 - http://ftp.udi.cl.:8080/help/key_features.htm
1264 - http://ftp.udi.cl.:8080/help/login.htm
1265 - http://ftp.udi.cl.:8080/help/manage_a_prtg_in_the_cloud_subscription.htm ([Errno 111] Connection refused)
1266 - http://ftp.udi.cl.:8080/help/new_in_this_version.htm
1267 - http://ftp.udi.cl.:8080/help/notifying.htm ([Errno 111] Connection refused)
1268 - http://ftp.udi.cl.:8080/help/object_hierarchy.htm ([Errno 111] Connection refused)
1269 - http://ftp.udi.cl.:8080/help/one_download_and_installation.htm ([Errno 111] Connection refused)
1270 - http://ftp.udi.cl.:8080/help/quick_start_guide.htm ([Errno 111] Connection refused)
1271 - http://ftp.udi.cl.:8080/help/review_monitoring_data.htm ([Errno 111] Connection refused)
1272 - http://ftp.udi.cl.:8080/help/scheduling.htm ([Errno 111] Connection refused)
1273 - http://ftp.udi.cl.:8080/help/sensor_states.htm ([Errno 111] Connection refused)
1274 - http://ftp.udi.cl.:8080/help/smart_setup.htm ([Errno 111] Connection refused)
1275 - http://ftp.udi.cl.:8080/help/ssl_certificate_warning.htm ([Errno 113] No route to host)
1276 - http://ftp.udi.cl.:8080/help/system_requirements.htm
1277 - http://ftp.udi.cl.:8080/help/tags.htm ([Errno 111] Connection refused)
1278 - http://ftp.udi.cl.:8080/help/understanding_basic_concepts.htm ([Errno 111] Connection refused)
1279 - http://ftp.udi.cl.:8080/help/uninstall.htm ([Errno 111] Connection refused)
1280 - http://ftp.udi.cl.:8080/help/update_from_previous_versions.htm ([Errno 111] Connection refused)
1281 - http://ftp.udi.cl.:8080/help/user_access_rights.htm (timed out)
1282 - http://ftp.udi.cl.:8080/help/using_prtg_in_the_cloud.htm ([Errno 111] Connection refused)
1283 - http://ftp.udi.cl.:8080/help/welcome_page.htm ([Errno 113] No route to host)
1284 - http://ftp.udi.cl.:8080/home
1285 - http://ftp.udi.cl.:8080/public/forgotpassword.htm
1286 - http://ftp.udi.cl.:8080/public/manifest.json.htm
1287 Total links crawled: 50
1288
1289+ Links to files found:
1290 - http://ftp.udi.cl.:8080/css/manuals.css?prtgversion=19.4.52.3515
1291 - http://ftp.udi.cl.:8080/css/prtg0.css?prtgversion=19.4.52.3515
1292 - http://ftp.udi.cl.:8080/css/prtgmini.css?prtgversion=19.4.52.3515__
1293 - http://ftp.udi.cl.:8080/favicon.ico
1294 - http://ftp.udi.cl.:8080/help/icon-asterisk-blue.png
1295 - http://ftp.udi.cl.:8080/help/icon-book-arrows.png
1296 - http://ftp.udi.cl.:8080/help/icon-book-bulb.png
1297 - http://ftp.udi.cl.:8080/help/icon-i-red.png
1298 - http://ftp.udi.cl.:8080/help/icon-i-round-red.png
1299 - http://ftp.udi.cl.:8080/help/icon-i-round.png
1300 - http://ftp.udi.cl.:8080/help/icon-play.png
1301 - http://ftp.udi.cl.:8080/help/icon-prtg-on-demand.png
1302 - http://ftp.udi.cl.:8080/help/icon-tools.png
1303 - http://ftp.udi.cl.:8080/help/login_details.png
1304 - http://ftp.udi.cl.:8080/help/login_details_zoom55.png
1305 - http://ftp.udi.cl.:8080/help/pod_login_screen.png
1306 - http://ftp.udi.cl.:8080/help/pod_login_screen_zoom70.png
1307 - http://ftp.udi.cl.:8080/help/prtg-schaubild.png
1308 - http://ftp.udi.cl.:8080/help/prtg-schaubild_zoom51.png
1309 - http://ftp.udi.cl.:8080/help/standard-installation.png
1310 - http://ftp.udi.cl.:8080/help/standard-installation_zoom55.png
1311 - http://ftp.udi.cl.:8080/images/paessler.png
1312 - http://ftp.udi.cl.:8080/images/prtg_logo_gray.png
1313 - http://ftp.udi.cl.:8080/images/prtg_network_monitor.png
1314 - http://ftp.udi.cl.:8080/javascript/lib/jquery.js?prtgversion=19.4.52.3515&language=sp
1315 Total links to files: 25
1316
1317+ Externals links found:
1371 Total external links: 53
1372
1373+ Email addresses found:
1374 Total email address found: 0
1375
1376+ Directories found:
1377 - http://ftp.udi.cl.:8080/css/
1378 - http://ftp.udi.cl.:8080/help/
1379 - http://ftp.udi.cl.:8080/images/
1380 - http://ftp.udi.cl.:8080/javascript/
1381 - http://ftp.udi.cl.:8080/javascript/lib/
1382 - http://ftp.udi.cl.:8080/public/
1383 Total directories: 6
1384
1385+ Directory indexing found:
1386 Total directories with indexing: 0
1387
1388----------------------------------------------------------------------
1389
1390
1391 + URL to crawl: http://ns1.maxtel.cl:8080
1392 + Date: 2019-11-13
1393
1394 + Crawling URL: http://ns1.maxtel.cl:8080:
1395 + Links:
1396 + Crawling http://ns1.maxtel.cl:8080 ([Errno -2] Name or service not known)
1397 + Searching for directories...
1398 + Searching open folders...
1399
1400
1401 + URL to crawl: http://ns2.maxtel.cl:8080
1402 + Date: 2019-11-13
1403
1404 + Crawling URL: http://ns2.maxtel.cl:8080:
1405 + Links:
1406 + Crawling http://ns2.maxtel.cl:8080 ([Errno 111] Connection refused)
1407 + Searching for directories...
1408 + Searching open folders...
1409
1410
1411 + URL to crawl: http://www.udi.cl.:8080
1412 + Date: 2019-11-13
1413
1414 + Crawling URL: http://www.udi.cl.:8080:
1415 + Links:
1416 + Crawling http://www.udi.cl.:8080 ([Errno 111] Connection refused)
1417 + Searching for directories...
1418 + Searching open folders...
1419
1420
1421 + URL to crawl: http://webmail.udi.cl.:8080
1422 + Date: 2019-11-13
1423
1424 + Crawling URL: http://webmail.udi.cl.:8080:
1425 + Links:
1426 + Crawling http://webmail.udi.cl.:8080 ([Errno 111] Connection refused)
1427 + Searching for directories...
1428 + Searching open folders...
1429
1430--Finished--
1431Summary information for domain udi.cl.
1432-----------------------------------------
1433 Domain Specific Information:
1434 Email: secretariageneral@udi.cl.
1435 Email: vnieto@udi.cl
1436
1437 Domain Ips Information:
1438 IP: 200.111.139.64
1439 Type: SPF
1440 Is Active: True (reset ttl 64)
1441 IP: 198.57.128.0
1442 Type: SPF
1443 Is Active: True (reset ttl 64)
1444 IP: 209.173.141.192
1445 Type: SPF
1446 Is Active: True (reset ttl 64)
1447 IP: 200.73.54.36
1448 Type: SPF
1449 Is Active: True (reset ttl 64)
1450 Port: 80/tcp open http syn-ack ttl 117 Microsoft IIS httpd 10.0
1451 Script Info: | http-methods:
1452 Script Info: | Supported Methods: OPTIONS TRACE GET HEAD POST
1453 Script Info: |_ Potentially risky methods: TRACE
1454 Script Info: |_http-server-header: Microsoft-IIS/10.0
1455 Script Info: |_http-title: IIS Windows Server
1456 Os Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1457 IP: 74.125.206.27
1458 HostName: aspmx.l.google.com Type: MX
1459 HostName: wk-in-f27.1e100.net Type: PTR
1460 Country: United States
1461 Is Active: True (echo-reply ttl 43)
1462 IP: 142.250.4.26
1463 HostName: alt2.aspmx.l.google.com Type: MX
1464 Country: United States
1465 Is Active: True (reset ttl 64)
1466 IP: 209.85.233.27
1467 HostName: alt1.aspmx.l.google.com Type: MX
1468 HostName: lr-in-f27.1e100.net Type: PTR
1469 Country: United States
1470 Is Active: True (reset ttl 64)
1471 IP: 200.73.54.34
1472 HostName: ns1.maxtel.cl Type: NS
1473 HostName: mail.maxtel.cl Type: PTR
1474 HostName: ns2.maxtel.cl Type: NS
1475 Type: SPF
1476 HostName: www.udi.cl. Type: A
1477 HostName: ftp.udi.cl. Type: A
1478 HostName: webmail.udi.cl. Type: A
1479 Country: Chile
1480 Is Active: True (reset ttl 64)
1481 Port: 21/tcp open ftp syn-ack ttl 53 Pure-FTPd
1482 Script Info: | ssl-cert: Subject: commonName=cpanel.maxtel.cl
1483 Script Info: | Subject Alternative Name: DNS:cpanel.maxtel.cl, DNS:www.cpanel.maxtel.cl
1484 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1485 Script Info: | Public Key type: rsa
1486 Script Info: | Public Key bits: 2048
1487 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1488 Script Info: | Not valid before: 2019-03-21T00:00:00
1489 Script Info: | Not valid after: 2020-03-20T23:59:59
1490 Script Info: | MD5: 6242 4135 c7d7 9360 e0d0 ce2a 00b7 ebf2
1491 Script Info: |_SHA-1: db1d 2504 45ed 5617 0259 e6c1 7025 a590 5e2c 9903
1492 Script Info: |_ssl-date: 2019-11-13T06:03:30+00:00; -1s from scanner time.
1493 Port: 53/tcp open domain syn-ack ttl 53 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
1494 Script Info: | dns-nsid:
1495 Script Info: |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
1496 Port: 80/tcp open http syn-ack ttl 53 Apache httpd
1497 Script Info: | http-methods:
1498 Script Info: |_ Supported Methods: GET POST OPTIONS HEAD
1499 Script Info: |_http-server-header: Apache
1500 Script Info: |_http-title: Site doesn't have a title (text/html).
1501 Port: 110/tcp open pop3 syn-ack ttl 53 Dovecot pop3d
1502 Script Info: |_pop3-capabilities: RESP-CODES USER TOP STLS AUTH-RESP-CODE UIDL SASL(PLAIN LOGIN) PIPELINING CAPA
1503 Script Info: |_ssl-date: 2019-11-13T06:03:29+00:00; -1s from scanner time.
1504 Port: 143/tcp open imap syn-ack ttl 53 Dovecot imapd
1505 Script Info: |_imap-capabilities: listed IDLE post-login SASL-IR AUTH=PLAIN AUTH=LOGINA0001 Pre-login NAMESPACE capabilities IMAP4rev1 LITERAL+ LOGIN-REFERRALS more have STARTTLS ENABLE OK ID
1506 Script Info: |_ssl-date: 2019-11-13T06:03:30+00:00; -1s from scanner time.
1507 Port: 443/tcp open ssl/http syn-ack ttl 53 Apache httpd
1508 Script Info: | http-methods:
1509 Script Info: |_ Supported Methods: GET POST OPTIONS HEAD
1510 Script Info: |_http-server-header: Apache
1511 Script Info: |_http-title: Site doesn't have a title (text/html).
1512 Script Info: | ssl-cert: Subject: commonName=cpanel.maxtel.cl
1513 Script Info: | Subject Alternative Name: DNS:cpanel.maxtel.cl, DNS:www.cpanel.maxtel.cl
1514 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1515 Script Info: | Public Key type: rsa
1516 Script Info: | Public Key bits: 2048
1517 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1518 Script Info: | Not valid before: 2018-04-14T00:00:00
1519 Script Info: | Not valid after: 2019-04-14T23:59:59
1520 Script Info: | MD5: c339 947f d901 3eb0 1c65 68fa ce87 a842
1521 Script Info: |_SHA-1: 273f f408 29b2 aa49 bbaa d35e be3e c431 4adf f7fd
1522 Script Info: |_ssl-date: TLS randomness does not represent time
1523 Script Info: | tls-alpn:
1524 Script Info: |_ http/1.1
1525 Port: 465/tcp open ssl/smtp syn-ack ttl 53 Exim smtpd 4.92
1526 Script Info: | smtp-commands: cpanel.maxtel.cl Hello nmap.scanme.org [160.116.0.101], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
1527 Script Info: |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1528 Script Info: | ssl-cert: Subject: commonName=cpanel.maxtel.cl
1529 Script Info: | Subject Alternative Name: DNS:cpanel.maxtel.cl, DNS:www.cpanel.maxtel.cl
1530 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1531 Script Info: | Public Key type: rsa
1532 Script Info: | Public Key bits: 2048
1533 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1534 Script Info: | Not valid before: 2019-03-21T00:00:00
1535 Script Info: | Not valid after: 2020-03-20T23:59:59
1536 Script Info: | MD5: 6242 4135 c7d7 9360 e0d0 ce2a 00b7 ebf2
1537 Script Info: |_SHA-1: db1d 2504 45ed 5617 0259 e6c1 7025 a590 5e2c 9903
1538 Script Info: |_ssl-date: 2019-11-13T06:03:28+00:00; -1s from scanner time.
1539 Script Info: | vulners:
1540 Script Info: | cpe:/a:exim:exim:4.92:
1541 Script Info: | CVE-2019-15846 10.0 https://vulners.com/cve/CVE-2019-15846
1542 Script Info: | CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
1543 Script Info: |_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
1544 Port: 587/tcp open smtp syn-ack ttl 53 Exim smtpd 4.92
1545 Script Info: | smtp-commands: cpanel.maxtel.cl Hello nmap.scanme.org [160.116.0.101], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
1546 Script Info: |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1547 Script Info: | ssl-cert: Subject: commonName=cpanel.maxtel.cl
1548 Script Info: | Subject Alternative Name: DNS:cpanel.maxtel.cl, DNS:www.cpanel.maxtel.cl
1549 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1550 Script Info: | Public Key type: rsa
1551 Script Info: | Public Key bits: 2048
1552 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1553 Script Info: | Not valid before: 2019-03-21T00:00:00
1554 Script Info: | Not valid after: 2020-03-20T23:59:59
1555 Script Info: | MD5: 6242 4135 c7d7 9360 e0d0 ce2a 00b7 ebf2
1556 Script Info: |_SHA-1: db1d 2504 45ed 5617 0259 e6c1 7025 a590 5e2c 9903
1557 Script Info: |_ssl-date: 2019-11-13T06:03:29+00:00; -2s from scanner time.
1558 Script Info: | vulners:
1559 Script Info: | cpe:/a:exim:exim:4.92:
1560 Script Info: | CVE-2019-15846 10.0 https://vulners.com/cve/CVE-2019-15846
1561 Script Info: | CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
1562 Script Info: |_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
1563 Port: 993/tcp open ssl/imaps? syn-ack ttl 53
1564 Script Info: |_ssl-date: 2019-11-13T06:03:29+00:00; -1s from scanner time.
1565 Port: 995/tcp open ssl/pop3s? syn-ack ttl 53
1566 Script Info: |_ssl-date: 2019-11-13T06:03:28+00:00; -1s from scanner time.
1567 Port: 8080/tcp open http syn-ack ttl 117 Indy httpd 19.4.52.3515 (Paessler PRTG bandwidth monitor)
1568 Script Info: |_http-favicon: Unknown favicon MD5: 36B3EF286FA4BEFBB797A0966B456479
1569 Script Info: | http-methods:
1570 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1571 Script Info: |_http-open-proxy: Proxy might be redirecting requests
1572 Script Info: |_http-server-header: PRTG/19.4.52.3515
1573 Script Info: | http-title: Bienvenido | PRTG Network Monitor Maxtel
1574 Script Info: |_Requested resource was /index.htm
1575 Script Info: |_http-trane-info: Problem with XML parsing of /evox/about
1576 Script Info: Device type: general purpose|storage-misc|broadband router|router|WAP
1577 Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Ubiquiti embedded (89%), Ubiquiti AirOS 5.X (89%), Netgear RAIDiator 4.X (87%)
1578 Os Info: Host: cpanel.maxtel.cl; OSs: Linux, Windows; CPE: cpe:/o:redhat:enterprise_linux:6, cpe:/o:microsoft:windows
1579 Script Info: |_clock-skew: mean: -1s, deviation: 0s, median: -1s
1580 IP: 108.177.97.26
1581 HostName: alt3.aspmx.l.google.com Type: MX
1582 HostName: tm-in-f26.1e100.net Type: PTR
1583 Country: United States
1584 Is Active: True (reset ttl 64)
1585 IP: 173.194.202.27
1586 HostName: alt4.aspmx.l.google.com Type: MX
1587 HostName: pf-in-f27.1e100.net Type: PTR
1588 Country: United States
1589 Is Active: True (reset ttl 64)
######################################################################################################################################
----- udi.cl -----

Host's addresses:
__________________

udi.cl.                    14400  IN  A      200.73.54.34

Name Servers:
______________

ns2.maxtel.cl.             59     IN  A      200.73.54.34
ns1.maxtel.cl.             59     IN  A      200.73.54.34

Mail (MX) Servers:
___________________

aspmx.l.google.com.        211    IN  A      74.125.133.27
alt3.aspmx.l.google.com.   293    IN  A      108.177.97.27
alt1.aspmx.l.google.com.   293    IN  A      209.85.233.27
alt2.aspmx.l.google.com.   293    IN  A      142.250.4.27
alt4.aspmx.l.google.com.   293    IN  A      173.194.202.27

Trying Zone Transfers and getting Bind Versions:
_________________________________________________

Trying Zone Transfer for udi.cl on ns2.maxtel.cl ...
AXFR record query failed: REFUSED

Trying Zone Transfer for udi.cl on ns1.maxtel.cl ...
AXFR record query failed: REFUSED

Scraping udi.cl subdomains from Google:
________________________________________

 ---- Google search page: 1 ----

  enlace
  webmail

 ---- Google search page: 2 ----

 ---- Google search page: 3 ----

  transparencia
  transparencia
  transparencia
  transparencia
  transparencia
  transparencia
  transparencia
  transparencia
  transparencia

 ---- Google search page: 4 ----

  transparencia
  transparencia
  transparencia
  transparencia

Google Results:
________________

webmail.udi.cl.            14400  IN  A      200.73.54.34
transparencia.udi.cl.      14400  IN  A      200.73.54.34
enlace.udi.cl.             14400  IN  A      200.73.54.36

Brute forcing with /usr/share/dnsenum/dns.txt:
_______________________________________________

ftp.udi.cl.                14400  IN  A      200.73.54.34
www.udi.cl.                14400  IN  CNAME  udi.cl.
udi.cl.                    14400  IN  A      200.73.54.34

Launching Whois Queries:
_________________________

 whois ip result: 200.73.54.0 -> 200.73.32.0/19

udi.cl______

 200.73.32.0/19
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-13 01:47 EST
Nmap scan report for mail.maxtel.cl (200.73.54.34)
Host is up (0.54s latency).
Not shown: 929 filtered ports, 60 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT     STATE SERVICE
21/tcp   open  ftp
53/tcp   open  domain
80/tcp   open  http
110/tcp  open  pop3
143/tcp  open  imap
443/tcp  open  https
465/tcp  open  smtps
587/tcp  open  submission
993/tcp  open  imaps
995/tcp  open  pop3s
8080/tcp open  http-proxy

Nmap done: 1 IP address (1 host up) scanned in 25.49 seconds
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-13 01:48 EST
Nmap scan report for mail.maxtel.cl (200.73.54.34)
Host is up (0.23s latency).
Not shown: 2 filtered ports
PORT     STATE         SERVICE
53/udp   open          domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
500/udp  open|filtered isakmp
520/udp  open|filtered route
2049/udp open|filtered nfs

Nmap done: 1 IP address (1 host up) scanned in 3.49 seconds
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-13 02:46 EST
Nmap scan report for mail.maxtel.cl (200.73.54.34)
Host is up (0.38s latency).
Not shown: 929 filtered ports, 60 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
53/tcp   open  domain
80/tcp   open  http
110/tcp  open  pop3
143/tcp  open  imap
443/tcp  open  https
465/tcp  open  smtps
587/tcp  open  submission
993/tcp  open  imaps
995/tcp  open  pop3s
8080/tcp open  http-proxy

Host script results:
| dns-brute:
|   DNS Brute-force hostnames:
|     mail.maxtel.cl - 200.73.54.34
|     ns1.maxtel.cl - 200.73.54.34
|     ns2.maxtel.cl - 200.73.54.34
|     ftp.maxtel.cl - 200.73.54.34
|_    www.maxtel.cl - 200.73.54.34
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-13 02:06 EST
Nmap scan report for mail.maxtel.cl (200.73.54.34)
Host is up (0.18s latency).
Not shown: 928 filtered ports, 60 closed ports
PORT     STATE SERVICE    VERSION
21/tcp   open  ftp        Pure-FTPd
53/tcp   open  domain     ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
80/tcp   open  http       Apache httpd
|_http-title: MAXTEL Simple Networks
110/tcp  open  pop3       Dovecot pop3d
|_pop3-capabilities: PIPELINING CAPA TOP AUTH-RESP-CODE SASL(PLAIN LOGIN) USER STLS UIDL RESP-CODES
143/tcp  open  imap       Dovecot imapd
|_imap-capabilities: LITERAL+ capabilities ID AUTH=PLAIN more LOGIN-REFERRALS SASL-IR OK Pre-login IMAP4rev1 listed IDLE AUTH=LOGINA0001 ENABLE STARTTLS NAMESPACE have post-login
443/tcp  open  ssl/http   Apache httpd
|_http-title: MAXTEL Simple Networks
| ssl-cert: Subject: commonName=cpanel.maxtel.cl
| Subject Alternative Name: DNS:cpanel.maxtel.cl, DNS:www.cpanel.maxtel.cl
| Not valid before: 2018-04-14T00:00:00
|_Not valid after: 2019-04-14T23:59:59
465/tcp  open  ssl/smtp   Exim smtpd 4.92
| smtp-commands: cpanel.maxtel.cl Hello mail.maxtel.cl [37.120.205.10], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
|_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
| vulners:
|   cpe:/a:exim:exim:4.92:
|     CVE-2019-15846 10.0 https://vulners.com/cve/CVE-2019-15846
|     CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
|_    CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
587/tcp  open  smtp       Exim smtpd 4.92
| smtp-commands: cpanel.maxtel.cl Hello mail.maxtel.cl [37.120.205.10], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
|_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
| vulners:
|   cpe:/a:exim:exim:4.92:
|     CVE-2019-15846 10.0 https://vulners.com/cve/CVE-2019-15846
|     CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
|_    CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
993/tcp  open  ssl/imaps?
995/tcp  open  ssl/pop3s?
1723/tcp open  tcpwrapped
|_pptp-version: ERROR: Script execution failed (use -d to debug)
8080/tcp open  http       Indy httpd 19.4.52.3515 (Paessler PRTG bandwidth monitor)
|_http-open-proxy: Proxy might be redirecting requests
|_http-server-header: PRTG/19.4.52.3515
| http-title: Bienvenido | PRTG Network Monitor Maxtel
|_Requested resource was /index.htm
|_http-trane-info: Problem with XML parsing of /evox/about
Device type: general purpose|storage-misc|broadband router|router|WAP|media device
Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Ubiquiti embedded (89%), Ubiquiti AirOS 5.X (89%), Infomir embedded (87%)
OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3 cpe:/h:hp:p2000_g3 cpe:/o:mikrotik:routeros:6.32.1 cpe:/h:ubnt:airmax_nanostation cpe:/o:ubnt:airos:5.5.9 cpe:/o:linux:linux_kernel:2.6 cpe:/h:infomir:mag-250
Aggressive OS guesses: Linux 2.6.32 (93%), Linux 2.6.32 - 3.1 (93%), Linux 2.6.32 - 3.13 (93%), Linux 2.6.32 - 2.6.39 (91%), Linux 2.6.39 (91%), Linux 3.10 (91%), Linux 3.2 (91%), HP P2000 G3 NAS device (90%), Linux 3.8 (90%), Linux 2.6.32 - 3.10 (89%)
No exact OS matches for host (test conditions non-ideal).
Service Info: Host: cpanel.maxtel.cl; OSs: Linux, Windows; CPE: cpe:/o:redhat:enterprise_linux:6, cpe:/o:microsoft:windows
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-13 02:14 EST
Nmap scan report for mail.maxtel.cl (200.73.54.34)
Host is up (0.38s latency).
Not shown: 928 filtered ports, 60 closed ports
PORT     STATE SERVICE VERSION
21/tcp   open  ftp     Pure-FTPd
1811| vulscan: VulDB - https://vuldb.com:
1812| [102925] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface pureftpd.passwd HTTP Request privilege escalation
1813| [57510] Pureftpd Pure-FTPd up to 0.x Memory Consumption denial of service
1814| [57504] Pureftpd Pure-FTPd up to 0.x ftp_parser.c Cleartext unknown vulnerability
1815|
1816| MITRE CVE - https://cve.mitre.org:
1817| [CVE-2004-0656] The accept_client function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections.
1818|
1819| SecurityFocus - https://www.securityfocus.com/bid/:
1820| [10664] PureFTPd Accept_Client Remote Denial of Service Vulnerability
1821|
1822| IBM X-Force - https://exchange.xforce.ibmcloud.com:
1823| No findings
1824|
1825| Exploit-DB - https://www.exploit-db.com:
1826| No findings
1827|
1828| OpenVAS (Nessus) - http://www.openvas.org:
1829| No findings
1830|
1831| SecurityTracker - https://www.securitytracker.com:
1832| [1010701] PureFTPd Logic Bug in accept_client() Lets Remote Users Crash the FTP Daemon
1833| [1008135] (Claim is Retracted) PureFTPd Buffer Overflow in displayrate() Lets Remote Users Crash the Service
1834| [1002993] PurePostPro Script Add-on for PureFTPd and MySQL Allows Remote Users to Execute SQL Commands on the Server
1835| [1001126] PureFTPd May Allow Remote Users to Deny Service on the Server
1836|
1837| OSVDB - http://www.osvdb.org:
1838| No findings
1839|_
53/tcp   open  domain  ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
1841| vulscan: VulDB - https://vuldb.com:
1842| [93249] ISC BIND up to 9.8.x/9.9.9-P3/9.9.9-S5/9.10.4-P3/9.11.0 DNAME Response db.c denial of service
1843| [93015] ISC BIND up to 9.8.4/9.9.2 Packet Option DNS Packet Crash denial of service
1844| [80354] ISC BIND up to 9.8.8/9.9.8-P2/9.9.8-S3/9.10.3-P2 Address Prefix List apl_42.c denial of service
1845| [77552] ISC BIND up to 9.8.8/9.9.7-P2/9.10.2-P3 OpenPGP Key openpgpkey_61.c denial of service
1846| [77551] ISC BIND up to 9.8.8/9.9.7-P2/9.10.2-P3 DNSSEC Key buffer.c denial of service
1847| [13184] ISC BIND 9.8.1-P1 Smoothed Round Trip Time Algorithm DNS spoofing
1848| [9946] ISC BIND 9.8.1-P1 SRTT Algorithm privilege escalation
1849| [4443] ISC BIND up to 9.8.x Recursive Query Processor denial of service
1850| [57895] ISC BIND 9.8.0/9.8.1 Crash denial of service
1851| [4357] ISC BIND up to 9.8.x Negative Caching RRSIG RRsets denial of service
1852| [57404] ISC BIND 9.8.0 denial of service
1853| [135686] Bosch Smart Home Controller up to 9.8 Backup information disclosure
1854| [135684] Bosch Smart Home Controller up to 9.8 JSON-RPC Interface information disclosure
1855| [129940] Adobe Connect up to 9.8.1 Session Token information disclosure
1856| [117535] Synacor Zimbra Collaboration up to 8.6.0 Patch 9/8.7.11 Patch 2/8.8.7 mailboxd Error information disclosure
1857| [11371] Cisco ONS 15454 9.8.0 Controller Card denial of service
1858|
1859| MITRE CVE - https://cve.mitre.org:
1860| [CVE-2013-4854] The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
1861| [CVE-2013-3919] resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone.
1862| [CVE-2013-2266] libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
1863| [CVE-2012-5689] ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.
1864| [CVE-2012-5688] ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
1865| [CVE-2012-5166] ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
1866| [CVE-2012-4244] ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.
1867| [CVE-2012-1667] ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.
1868| [CVE-2012-1033] The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
1869| [CVE-2011-4313] query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.
1870| [CVE-2011-2465] Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.
1871| [CVE-2011-2464] Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.
1872| [CVE-2011-1910] Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.
1873| [CVE-2011-1907] ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query.
1874| [CVE-2010-1567] The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.8(1)S5 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsz13590.
1875|
1876| SecurityFocus - https://www.securityfocus.com/bid/:
1877| [48264] Aastra 9480i CT Multiple Information Disclosure Vulnerabilities
1878| [61774] ISC BIND 9 SRTT Algorithm Authoritative Server Selection Security Vulnerability
1879| [61479] ISC BIND 9 DNS RDATA Handling CVE-2013-4854 Remote Denial of Service Vulnerability
1880| [58736] ISC BIND 9 'libdns' Remote Denial of Service Vulnerability
1881| [57556] ISC BIND 9 DNS64 CVE-2012-5689 Remote Denial of Service Vulnerability
1882| [56817] ISC BIND 9 DNS64 Remote Denial of Service Vulnerability
1883| [55852] ISC BIND 9 DNS RDATA Handling CVE-2012-5166 Remote Denial of Service Vulnerability
1884| [55522] ISC BIND 9 DNS Resource Records Handling CVE-2012-4244 Remote Denial of Service Vulnerability
1885| [54659] ISC BIND 9 TCP Query Remote Denial of Service Vulnerability
1886| [54658] ISC BIND 9 DNSSEC Validation CVE-2012-3817 Denial of Service Vulnerability
1887| [53772] ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
1888| [50690] ISC BIND 9 Recursive Queries Remote Denial of Service Vulnerability
1889| [48566] ISC BIND 9 Unspecified Packet Processing Remote Denial of Service Vulnerability
1890| [48565] ISC BIND 9 RPZ Configurations Remote Denial of Service Vulnerabilities
1891| [48007] ISC BIND 9 Large RRSIG RRsets Remote Denial of Service Vulnerability
1892| [47734] ISC BIND 9 RRSIG Query Type Remote Denial of Service Vulnerability
1893| [46491] ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
1894| [45385] ISC BIND 9 DNSSEC Validation Remote Denial of Service Vulnerability
1895| [45133] ISC BIND 9 'RRSIG' Record Type Negative Cache Remote Denial of Service Vulnerability
1896| [41730] ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability
1897| [37865] ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
1898| [37118] ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
1899| [35848] ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
1900| [25076] ISC BIND 9 Default ACL Settings Recursive Queries And Cached Content Security Bypass Vulnerability
1901| [25037] ISC BIND 9 Remote Cache Poisoning Vulnerability
1902| [4936] ISC BIND 9 Remote Denial Of Service Vulnerability
1903|
1904| IBM X-Force - https://exchange.xforce.ibmcloud.com:
1905| [85799] Cisco Unified IP Phones 9900 Series directory traversal
1906| [75412] Cisco Unified IP Phones 9900 series RT privilege escalation
1907| [68733] Cisco 9000 Series Aggregation Service Router IPv4 packet denial of service
1908| [9704] Multiple Lucent router UDP port 9 could disclose sensitive information
1909| [9250] BIND 9 dns_message_findtype() denial of service
1910| [1852] BIND prior to 4.9.7 buffer overflow affects Digital Firewall 97 users
1911| [539] Microsoft Windows 95 and Internet Explorer password disclosure
1912| [86004] ISC BIND RDATA denial of service
1913| [84767] ISC BIND denial of service
1914| [83066] ISC BIND denial of service
1915| [81504] ISC BIND AAAA denial of service
1916| [80510] ISC BIND DNS64 denial of service
1917| [79121] ISC BIND queries denial of service
1918| [78479] ISC BIND RDATA denial of service
1919| [77185] ISC BIND TCP queries denial of service
1920| [77184] ISC BIND bad cache denial of service
1921| [76034] ISC BIND rdata denial of service
1922| [73053] ISC BIND cache update policy security bypass
1923| [71332] ISC BIND recursive queries denial of service
1924| [68375] ISC BIND UPDATE denial of service
1925| [68374] ISC BIND Response Policy Zones denial of service
1926| [67665] ISC BIND RRSIG Rrsets denial of service
1927| [67297] ISC BIND RRSIG denial of service
1928| [65554] ISC BIND IXFR transfer denial of service
1929| [63602] ISC BIND allow-query security bypass
1930| [63596] ISC BIND zone data security bypass
1931| [63595] ISC BIND RRSIG denial of service
1932| [62072] ISC BIND DNSSEC query denial of service
1933| [62071] ISC BIND ACL security bypass
1934| [61871] ISC BIND anchors denial of service
1935| [60421] ISC BIND RRSIG denial of service
1936| [56049] ISC BIND out-of-bailiwick weak security
1937| [55937] ISC Bind unspecified cache poisoning
1938| [55753] ISC BIND DNSSEC NSEC/NSEC3 cache poisoning
1939| [54416] ISC BIND DNSSEC cache poisoning
1940| [52073] ISC BIND dns_db_findrdataset() denial of service
1941| [47409] Multiple Mozilla products XBL loadBindingDocument information disclosure
1942| [45234] ISC BIND UDP denial of service
1943| [39670] ISC BIND inet_network buffer overflow
1944| [37233] libgssapi ISC BIND Novell SUSE Linux Enterprise Server GSS-TSIG request denial of service
1945| [37128] RHSA update for ISC BIND RRset denial of service not installed
1946| [37127] RHSA update for ISC BIND named service denial of service not installed
1947| [36275] ISC BIND DNS query spoofing
1948| [35575] ISC BIND query ID cache poisoning
1949| [35571] ISC BIND ACL security bypass
1950| [31838] ISC BIND RRset denial of service
1951| [31799] ISC BIND named service denial of service
1952| [29876] HP Tru64 ypbind core dump information disclosure
1953| [28745] ISC BIND DNSSEC RRset denial of service
1954| [28744] ISC BIND recursive INSIST denial of service
1955| [22041] BEA WebLogic Server and Express LDAP anonymous bind information disclosure
1956| [18836] BIND hostname disclosure
1957| [10624] ISC BIND DNS stub resolver library (libresolv.a) stack buffer overflows
1958| [10333] ISC BIND SIG null pointer dereference denial of service
1959| [10332] ISC BIND OPT resource record (RR) denial of service
1960| [10304] ISC BIND SIG cached resource records (RR) heap buffer overflow
1961| [7027] Cisco CBOS Web-based configuration utility binds to port 80 by default
1962| [5814] ISC BIND "
1963| [5540] ISC BIND can be remotely crashed by issuing ZXFR requests
1964| [5462] ISC BIND AXFR host command remote buffer overflow
1965|
1966| Exploit-DB - https://www.exploit-db.com:
1967| [17376] Aastra IP Phone 9480i Web Interface Data disclosure Vulnerability
1968| [9300] ISC BIND 9 Remote Dynamic Update Message Denial of Service PoC
1969|
1970| OpenVAS (Nessus) - http://www.openvas.org:
1971| [103090] ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
1972| [103031] ISC BIND 9 < 9.7.2-P2 Multiple Vulnerabilities
1973| [103030] ISC BIND 9 'RRSIG' Record Type Negative Cache Remote Denial of Service Vulnerability
1974| [100717] ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability
1975| [100458] ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
1976| [100362] ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
1977| [100251] ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
1978| [63208] Fedora Core 9 FEDORA-2009-0350 (bind)
1979| [11226] Oracle 9iAS default error information disclosure
1980|
1981| SecurityTracker - https://www.securitytracker.com:
1982| [1025811] Cisco ASR 9000 Series Router IPv4 Packet Processing Flaw Lets Remote Users Deny Service
1983| [1012995] BIND 9 Validator Assumption Error May Let Remote Users Deny Service
1984| [1005048] Oracle Enterprise Manager Web Service Component of Oracle 9i Application Server Discloses the Web Cache Administrator Password to Local Users
1985| [1003675] Oracle 9iAS Application Server Discloses CGI-BIN Script Source Code to Remote Users
1986| [1001186] Microsoft Windows Me Operating System and Windows 98 with the Plus! 98 Package Disclose Data Compression Passwords
1987| [1028901] (McAfee Issues Advisory for McAfee Email Gateway) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
1988| [1028900] (McAfee Issues Advisory for McAfee Email and Web Security Appliance) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
1989| [1028899] (McAfee Issues Fix for McAfee Web Gateway) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
1990| [1028866] (McAfee Issues Fix for McAfee Firewall Enterprise) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
1991| [1028854] (NetBSD Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
1992| [1028849] (Red Hat Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
1993| [1028848] (Red Hat Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
1994| [1028839] (FreeBSD Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
1995| [1028838] ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
1996| [1028632] ISC BIND RUNTIME_CHECK Error Lets Remote Users Deny Service Against Recursive Resolvers
1997| [1028046] ISC BIND DNS64 and Response Policy Zones (RPZ) Bug Lets Remote Users Deny Service
1998| [1027835] ISC BIND DNS64 Bug Lets Remote Users Deny Service
1999| [1027642] ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
2000| [1027529] ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
2001| [1026647] ISC BIND Cache Update Policy Can Be Bypassed to Allow Revoked Domain Names to Remain Resolvable
2002| [1026335] ISC BIND Invalid Record Caching Flaw Lets Remote Users Deny Service
2003| [1025743] ISC BIND Response Policy Zones DNAME/CNAME Processing Flaw Lets Remote Users Deny Service
2004| [1025742] ISC BIND Packet Processing Flaw Lets Remote Users Deny Service
2005| [1015850] Samba winbindd Daemon Discloses Server Password to Local Users
2006| [1003359] BindView NETinventory Discloses Password to Local Users During Auditing
2007| [1001721] BIND Domain Name System Software May Disclose DNS Transactional Signature (TSIG) Keys to Local Users
2008|
2009| OSVDB - http://www.osvdb.org:
2010| [72941] Aastra 9480i IP Phone Multiple Configuration File Direct Request Information Disclosure
2011|_
80/tcp open http Apache httpd
2013|_http-server-header: Apache
2014| vulscan: VulDB - https://vuldb.com:
2015| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
2016| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
2017| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
2018| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
2019| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
2020| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
2021| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
2022| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
2023| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
2024| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
2025| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
2026| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
2027| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
2028| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
2029| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
2030| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
2031| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
2032| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
2033| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
2034| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
2035| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
2036| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
2037| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
2038| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
2039| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
2040| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
2041| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
2042| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
2043| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
2044| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
2045| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
2046| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
2047| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
2048| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
2049| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
2050| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
2051| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
2052| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
2053| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
2054| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
2055| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
2056| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
2057| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
2058| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
2059| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
2060| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
2061| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
2062| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
2063| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
2064| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
2065| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
2066| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
2067| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
2068| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
2069| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
2070| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
2071| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
2072| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
2073| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
2074| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
2075| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
2076| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
2077| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
2078| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
2079| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
2080| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
2081| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
2082| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
2083| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
2084| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
2085| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
2086| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
2087| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
2088| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
2089| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
2090| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
2091| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
2092| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
2093| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
2094| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
2095| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
2096| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
2097| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
2098| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
2099| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
2100| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
2101| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
2102| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
2103| [136370] Apache Fineract up to 1.2.x sql injection
2104| [136369] Apache Fineract up to 1.2.x sql injection
2105| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
2106| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
2107| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
2108| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
2109| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
2110| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
2111| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
2112| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
2113| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
2114| [134416] Apache Sanselan 0.97-incubator Loop denial of service
2115| [134415] Apache Sanselan 0.97-incubator Hang denial of service
2116| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
2117| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
2118| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
2119| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
2120| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
2121| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
2122| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
2123| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
2124| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
2125| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
2126| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
2127| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
2128| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
2129| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
2130| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
2131| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
2132| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
2133| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
2134| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
2135| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
2136| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
2137| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
2138| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
2139| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
2140| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
2141| [131859] Apache Hadoop up to 2.9.1 privilege escalation
2142| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
2143| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
2144| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
2145| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
2146| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
2147| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
2148| [130629] Apache Guacamole Cookie Flag weak encryption
2149| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
2150| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
2151| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
2152| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
2153| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
2154| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
2155| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
2156| [130123] Apache Airflow up to 1.8.2 information disclosure
2157| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
2158| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
2159| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
2160| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
2161| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
2162| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
2163| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
2164| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
2165| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
2166| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
2167| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
2168| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
2169| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
2170| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
2171| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
2172| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
2173| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
2174| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
2175| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
2176| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
2177| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
2178| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
2179| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
2180| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
2181| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
2182| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
2183| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
2184| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
2185| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
2186| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
2187| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
2188| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
2189| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
2190| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
2191| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
2192| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
2193| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
2194| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
2195| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
2196| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
2197| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
2198| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
2199| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
2200| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
2201| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
2202| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
2203| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
2204| [127007] Apache Spark Request Code Execution
2205| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
2206| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
2207| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
2208| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
2209| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
2210| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
2211| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
2212| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
2213| [126346] Apache Tomcat Path privilege escalation
2214| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
2215| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
2216| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
2217| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
2218| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
2219| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
2220| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
2221| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
2222| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
2223| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
2224| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
2225| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
2226| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
2227| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
2228| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
2229| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
2230| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
2231| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
2232| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
2233| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
2234| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
2235| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
2236| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
2237| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
2238| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
2239| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
2240| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
2241| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
2242| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
2243| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
2244| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
2245| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
2246| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
2247| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
2248| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
2249| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
2250| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
2251| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
2252| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
2253| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
2254| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
2255| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
2606| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
2607| [99937] Apache Batik up to 1.8 privilege escalation
2608| [99936] Apache FOP up to 2.1 privilege escalation
2609| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
2610| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
2611| [99930] Apache Traffic Server up to 6.2.0 denial of service
2612| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
2613| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
2614| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
2615| [117569] Apache Hadoop up to 2.7.3 privilege escalation
2616| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
2617| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
2618| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
2619| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
2620| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
2621| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
2622| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
3056| [64485] Apache Struts up to 2.2.3.0 privilege escalation
3057| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
3058| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
3059| [64467] Apache Geronimo 3.0 memory corruption
3060| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
3061| [64457] Apache Struts up to 2.2.3.0 cross site scripting
3062| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
3063| [9184] Apache Qpid up to 0.20 SSL misconfiguration
3064| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
3065| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
3066| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
3067| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
3068| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
3069| [8873] Apache Struts 2.3.14 privilege escalation
3070| [8872] Apache Struts 2.3.14 privilege escalation
3071| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
3072| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
3073| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
3074| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
3075| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
3076| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
3077| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
3078| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
3079| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
3080| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
3081| [64006] Apache ActiveMQ up to 5.7.0 denial of service
3082| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
3083| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
3084| [8427] Apache Tomcat Session Transaction weak authentication
3085| [63960] Apache Maven 3.0.4 Default Configuration spoofing
3086| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
3087| [63750] Apache qpid up to 0.20 checkAvailable denial of service
3088| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
3089| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
3090| [63747] Apache Rave up to 0.20 User Account information disclosure
3091| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
3092| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
3093| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
3094| [7687] Apache CXF up to 2.7.2 Token weak authentication
3095| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
3096| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
3097| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
3098| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
3099| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
3100| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
3101| [63090] Apache Tomcat up to 4.1.24 denial of service
3102| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
3103| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
3104| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
3105| [62833] Apache CXF -/2.6.0 spoofing
3106| [62832] Apache Axis2 up to 1.6.2 spoofing
3107| [62831] Apache Axis up to 1.4 Java Message Service spoofing
3108| [62830] Apache Commons-httpclient 3.0 Payments spoofing
3109| [62826] Apache Libcloud up to 0.11.0 spoofing
3110| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
3111| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
3112| [62661] Apache Axis2 unknown vulnerability
3113| [62658] Apache Axis2 unknown vulnerability
3114| [62467] Apache Qpid up to 0.17 denial of service
3115| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
3116| [6301] Apache HTTP Server mod_pagespeed cross site scripting
3117| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
3118| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
3119| [62035] Apache Struts up to 2.3.4 denial of service
3120| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
3121| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
3122| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
3123| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
3124| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
3125| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
3126| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
3127| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
3128| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
3129| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
3130| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
3131| [61229] Apache Sling up to 2.1.1 denial of service
3132| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
3133| [61094] Apache Roller up to 5.0 cross site scripting
3134| [61093] Apache Roller up to 5.0 cross site request forgery
3135| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
3136| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
3137| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
3138| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
3139| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
3140| [60708] Apache Qpid 0.12 unknown vulnerability
3141| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
3142| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
3143| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
3144| [4882] Apache Wicket up to 1.5.4 directory traversal
3145| [4881] Apache Wicket up to 1.4.19 cross site scripting
3146| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
3147| [60352] Apache Struts up to 2.2.3 memory corruption
3148| [60153] Apache Portable Runtime up to 1.4.3 denial of service
3149| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
3150| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
3151| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
3152| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
3153| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
3154| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
3155| [4571] Apache Struts up to 2.3.1.2 privilege escalation
3156| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
3157| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
3158| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
3159| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
3160| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
3161| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
3162| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
3163| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
3164| [59888] Apache Tomcat up to 6.0.6 denial of service
3165| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
3166| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
3167| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
3168| [59850] Apache Geronimo up to 2.2.1 denial of service
3169| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
3170| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
3171| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
3172| [58413] Apache Tomcat up to 6.0.10 spoofing
3173| [58381] Apache Wicket up to 1.4.17 cross site scripting
3174| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
3175| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
3176| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
3177| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
3178| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
3179| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
3180| [57568] Apache Archiva up to 1.3.4 cross site scripting
3181| [57567] Apache Archiva up to 1.3.4 cross site request forgery
3182| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
3183| [4355] Apache HTTP Server APR apr_fnmatch denial of service
3184| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
3185| [57425] Apache Struts up to 2.2.1.1 cross site scripting
3186| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
3187| [57025] Apache Tomcat up to 7.0.11 information disclosure
3188| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
3189| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
3190| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
3191| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
3192| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
3193| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
3194| [56512] Apache Continuum up to 1.4.0 cross site scripting
3195| [4285] Apache Tomcat 5.x JVM getLocale denial of service
3196| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
3197| [4283] Apache Tomcat 5.x ServletContect privilege escalation
3198| [56441] Apache Tomcat up to 7.0.6 denial of service
3199| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
3200| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
3201| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
3202| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
3203| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
3204| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
3205| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
3206| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
3207| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
3208| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
3209| [54693] Apache Traffic Server DNS Cache unknown vulnerability
3210| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
3211| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
3212| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
3213| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
3214| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
3215| [54012] Apache Tomcat up to 6.0.10 denial of service
3216| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
3217| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
3218| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
3219| [52894] Apache Tomcat up to 6.0.7 information disclosure
3220| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
3221| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
3222| [52786] Apache Open For Business Project up to 09.04 cross site scripting
3223| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
3224| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
3225| [52584] Apache CouchDB up to 0.10.1 information disclosure
3226| [51757] Apache HTTP Server 2.0.44 cross site scripting
3227| [51756] Apache HTTP Server 2.0.44 spoofing
3228| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
3229| [51690] Apache Tomcat up to 6.0 directory traversal
3230| [51689] Apache Tomcat up to 6.0 information disclosure
3231| [51688] Apache Tomcat up to 6.0 directory traversal
3232| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
3233| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
3234| [50626] Apache Solr 1.0.0 cross site scripting
3235| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
3236| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
3237| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
3238| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
3239| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
3240| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
3241| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
3242| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
3243| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
3244| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
3245| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
3246| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
3247| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
3248| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
3249| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
3250| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
3251| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
3252| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
3253| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
3254| [47214] Apachefriends xampp 1.6.8 spoofing
3255| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
3256| [47162] Apachefriends XAMPP 1.4.4 weak authentication
3257| [47065] Apache Tomcat 4.1.23 cross site scripting
3258| [46834] Apache Tomcat up to 5.5.20 cross site scripting
3259| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
3260| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
3261| [86625] Apache Struts directory traversal
3262| [44461] Apache Tomcat up to 5.5.0 information disclosure
3263| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
3264| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
3265| [43663] Apache Tomcat up to 6.0.16 directory traversal
3266| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
3267| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
3268| [43516] Apache Tomcat up to 4.1.20 directory traversal
3269| [43509] Apache Tomcat up to 6.0.13 cross site scripting
3270| [42637] Apache Tomcat up to 6.0.16 cross site scripting
3271| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
3272| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
3273| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
3274| [40924] Apache Tomcat up to 6.0.15 information disclosure
3275| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
3276| [40922] Apache Tomcat up to 6.0 information disclosure
3277| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
3278| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
3279| [40656] Apache Tomcat 5.5.20 information disclosure
3280| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
3281| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
3282| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
3283| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
3284| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
3285| [40234] Apache Tomcat up to 6.0.15 directory traversal
3286| [40221] Apache HTTP Server 2.2.6 information disclosure
3287| [40027] David Castro Apache Authcas 0.4 sql injection
3288| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
3289| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
3290| [3414] Apache Tomcat WebDAV Stored privilege escalation
3291| [39489] Apache Jakarta Slide up to 2.1 directory traversal
3292| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
3293| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
3294| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
3295| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
3296| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
3297| [38524] Apache Geronimo 2.0 unknown vulnerability
3298| [3256] Apache Tomcat up to 6.0.13 cross site scripting
3299| [38331] Apache Tomcat 4.1.24 information disclosure
3300| [38330] Apache Tomcat 4.1.24 information disclosure
3301| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
3302| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
3303| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
3304| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
3305| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
3306| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
3307| [37292] Apache Tomcat up to 5.5.1 cross site scripting
3308| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
3309| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
3310| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
3311| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
3312| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
3313| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
3314| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
3315| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
3316| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
3317| [36225] XAMPP Apache Distribution 1.6.0a sql injection
3318| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
3319| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
3320| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
3321| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
3322| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
3323| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
3324| [34252] Apache HTTP Server denial of service
3325| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
3326| [33877] Apache Opentaps 0.9.3 cross site scripting
3327| [33876] Apache Open For Business Project unknown vulnerability
3328| [33875] Apache Open For Business Project cross site scripting
3329| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
3330| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
3331|
3332| MITRE CVE - https://cve.mitre.org:
3333| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
3334| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
3335| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
3336| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
3337| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
3338| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
3339| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
3340| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
3341| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
3342| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
3343| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
3344| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
3345| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
3346| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
3347| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
3348| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
3349| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
3350| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
3351| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
3352| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
3353| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
3354| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
3355| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
3356| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
3357| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
3358| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
3473| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
3474| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
3475| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
3476| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
3477| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
3478| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
3479| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
3480| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
3481| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
3482| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
3483| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
3484| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
3485| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
3486| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
3487| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
3488| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
3489| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
3490| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
3491| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
3492| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
3493| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
3494| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
3495| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
3496| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3497| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
3498| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
3499| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
3500| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
3501| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
3502| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
3503| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
3504| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
3505| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
3506| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
3507| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
3508| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
3509| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
3510| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
3511| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
3512| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3513| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
3514| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
3515| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
3516| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
3517| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
3518| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
3519| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
3520| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
3521| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
3522| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
3523| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
3524| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
3525| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
3526| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
3527| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
3528| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
3529| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
3530| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
3531| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
3532| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
3533| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
3534| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
3535| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
3536| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
3537| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
3538| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
3539| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
3540| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
3541| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
3542| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
3543| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
3544| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
3545| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
3546| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
3547| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
3548| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
3549| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
3550| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
3551| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
3552| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
3553| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3554| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
3555| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
3556| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
3557| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
3558| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
3559| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
3560| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
3561| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
3562| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
3563| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
3564| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
3565| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
3566| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
3567| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
3568| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
3569| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
3570| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
3571| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
3572| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
3573| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
3574| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
3575| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
3576| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
3577| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
3578| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
3579| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
3580| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
3581| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
3582| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
3583| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
3584| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
3585| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
3586| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
3587| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
3588| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
3589| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
3590| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
3591| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
3592| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
3593| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
3594| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
3595| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
3596| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
3597| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
3598| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
3599| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
3600| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
3601| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
3602| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
3603| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
3604| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
3605| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
3606| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
3607| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
3608| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
3609| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
3610| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
3611| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
3612| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
3613| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
3614| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
3615| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
3616| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
3617| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
3618| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
3619| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
3620| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
3621| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
3622| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
3623| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
3624| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
3625| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
3626| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
3627| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
3628| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
3629| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
3630| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
3631| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
3632| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
3633| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
3634| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
3635| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
3636| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
3637| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
3638| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3639| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
3640| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
3641| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
3642| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
3643| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
3644| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
3645| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
3646| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
3647| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
3648| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
3649| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
3650| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
3651| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
3652| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3653| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
3654| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
3655| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
3656| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
3657| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
3658| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
3659| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
3660| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
3661| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
3662| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
3663| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
3664| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
3665| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
3666| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
3667| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
3668| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
3669| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
3670| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
3671| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
3672| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
3673| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
3674| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
3675| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
3676| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
3677| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
3678| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
3679| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
3680| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
3681| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
3682| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
3683| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
3684| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
3685| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3686| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
3687| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
3688| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
3689| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
3690| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
3691| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
3692| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
3693| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
3694| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
3695| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
3696| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
3697| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
3698| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
3699| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3700| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
3701| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
3702| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
3703| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
3704| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
3705| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
3706| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
3707| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
3708| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3709| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
3710| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
3711| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
3712| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
3713| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
3714| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3715| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
3716| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3717| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
3718| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
3719| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3720| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
3721| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
3722| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
3723| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
3724| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
3725| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
3726| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
3727| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
3728| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3729| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
3730| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
3731| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
3732| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
3733| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
3734| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
3735| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
3736| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
3737| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
3738| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
3739| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
3740| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
3741| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
3742| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
3743| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
3744| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
3745| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
3746| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
3747| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
3748| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
3749| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
3750| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3751| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3752| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
3753| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
3754| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
3755| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
3756| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
3757| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
3758| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
3759| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
3760| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
3761| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
3762| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
3763| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
3764| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
3765| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
3766| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
3767| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
3768| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
3769| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
3770| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
3771| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
3772| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
3773| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
3774| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
3775| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
3776| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
3777| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
3778| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
3779| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
3780| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
3781| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
3782| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
3783| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
3784| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
3785| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
3786| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
3787| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
3788| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
3789| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
3790| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
3791| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
3792| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
3793| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
3794| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
3795| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
3796| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
3797| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
3798| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
3799| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
3800| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
3801| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
3802| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
3803| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
3804| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
3805| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
3806| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
3807| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
3808| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
3809| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
3810| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
3811| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
3812| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
3813| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
3814| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
3815| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
3816| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
3817| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
3818| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
3819| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
3820| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
3821| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
3822| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
3823| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
3824| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
3825| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
3826| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
3827| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
3828| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
3829| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
3830| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
3831| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
3832| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
3833| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
3834| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
3835| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
3836| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
3837| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
3838| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
3839| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
3840| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
3841| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
3842| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
3843| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
3844| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
3845| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
3846| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
3847| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
3848| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
3849| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
3850| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
3851| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
3852| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
3853| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
3854| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
3855| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
3856| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
3857| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
3858| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
3859| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
3860| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
3861| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
3862| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
3863| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
3864| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
3865| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
3866| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
3867| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
3868| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
3869| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
3870| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
3871| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
3872| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
3873| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
3874| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
3875| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
3876| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
3877| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
3878| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
3879| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
3880| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
3881| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
3882| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
3883| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
3884| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
3885| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
3886| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
3887| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
3888| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
3889| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
3890| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
3891| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
3892| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
3893| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
3894| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
3895| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
3896| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
3897| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
3898| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
3899| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
3900| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
3901| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
3902| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
3903| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
3904| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
3905| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
3906| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
3907| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
3908| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
3909| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
3910| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
3911| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
3912| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
3913| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
3914| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
3915| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
3916| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
3917| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
3918| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
3919| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
3920| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
3921| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
3922| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
3923| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
3924| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
3925| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
3926| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
3927| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
3928| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
3929| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
3930| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
3931| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
3932| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
3933| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
3934| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
3935| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
3936| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
3937| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
3938| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
3939| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
3940| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
3941| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
3942|
3943| SecurityFocus - https://www.securityfocus.com/bid/:
3944| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
3945| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
3946| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
3947| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
3948| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
3949| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
3950| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
3951| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
3952| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
3953| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
3954| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
3955| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
3956| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
3957| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
3958| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
3959| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
3960| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
3961| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
3962| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
3963| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
3964| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
3965| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
3966| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
3967| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
3968| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
3969| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
3970| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
3971| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
3972| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
3973| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
3974| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
3975| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
3976| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
3977| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
3978| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
3979| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
3980| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
3981| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
3982| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
3983| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
3984| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
3985| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
3986| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
3987| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
3988| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
3989| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
3990| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
3991| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
3992| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
3993| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
3994| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
3995| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
3996| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
3997| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
3998| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
3999| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
4000| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
4001| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
4002| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
4003| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
4004| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
4005| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
4006| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
4007| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
4008| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
4009| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
4010| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
4011| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
4012| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
4013| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
4014| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
4015| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
4016| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
4017| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
4018| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
4019| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
4020| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
4021| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
4022| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
4023| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
4024| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
4025| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
4026| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
4027| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
4028| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
4029| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
4030| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
4031| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
4032| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
4033| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
4034| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
4035| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
4036| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
4037| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
4038| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
4039| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
4040| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
4041| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
4042| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
4043| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
4044| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
4045| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
4046| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
4047| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
4048| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
4049| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
4050| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
4051| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
4052| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
4053| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
4054| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
4055| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
4056| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
4057| [100447] Apache2Triad Multiple Security Vulnerabilities
4058| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
4059| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
4060| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
4495| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
4496| [59670] Apache VCL Multiple Input Validation Vulnerabilities
4497| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
4498| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
4499| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
4500| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
4501| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
4502| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
4503| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
4504| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
4505| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
4506| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
4507| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
4508| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
4509| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
4510| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
4511| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
4512| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
4513| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
4514| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
4515| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
4516| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
4517| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
4518| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
4519| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
4520| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
4521| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
4522| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
4523| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
4524| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
4525| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
4526| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
4527| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
4528| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
4529| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
4530| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
4531| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
4532| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
4533| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
4534| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
4535| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
4536| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
4537| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
4538| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
4539| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
4540| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
4541| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
4542| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
4543| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
4544| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
4545| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
4546| [54798] Apache Libcloud Man In The Middle Vulnerability
4547| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
4548| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
4549| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
4550| [54189] Apache Roller Cross Site Request Forgery Vulnerability
4551| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
4552| [53880] Apache CXF Child Policies Security Bypass Vulnerability
4553| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
4554| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
4555| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
4556| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
4557| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
4558| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
4559| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
4560| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
4561| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
4562| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
4563| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
4564| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
4565| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
4566| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
4567| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
4568| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
4569| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
4570| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
4571| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
4572| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
4573| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
4574| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
4575| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
4576| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
4577| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
4578| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
4579| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
4580| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
4581| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
4582| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
4583| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
4584| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
4585| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
4586| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
4587| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
4588| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
4589| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
4590| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
4591| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
4592| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
4593| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
4594| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
4595| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
4596| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
4597| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
4598| [49290] Apache Wicket Cross Site Scripting Vulnerability
4599| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
4600| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
4601| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
4602| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
4603| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
4604| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
4605| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
4606| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
4607| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
4608| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
4609| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
4610| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
4611| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
4612| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
4613| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
4614| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
4615| [46953] Apache MPM-ITK Module Security Weakness
4616| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
4617| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
4618| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
4619| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
4620| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
4621| [46166] Apache Tomcat JVM Denial of Service Vulnerability
4622| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
4623| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
4624| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
4625| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
4626| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
4627| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
4628| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
4629| [44616] Apache Shiro Directory Traversal Vulnerability
4630| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
4631| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
4632| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
4633| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
4634| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
4635| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
4636| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
4637| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
4638| [42492] Apache CXF XML DTD Processing Security Vulnerability
4639| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
4640| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
4641| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
4642| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
4643| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
4644| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
4645| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
4646| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
4647| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
4648| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
4649| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
4650| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
4651| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
4652| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
4653| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
4654| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
4655| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
4656| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
4657| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
4658| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
4659| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
4660| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
4661| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
4662| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
4663| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
4664| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
4665| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
4666| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
4667| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
4668| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
4669| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
4670| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
4671| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
4672| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
4673| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
4674| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
4675| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
4676| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
4677| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
4678| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
4679| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
4680| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
4681| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
4682| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
4683| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
4684| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
4685| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
4686| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
4687| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
4688| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
4689| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
4690| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
4691| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
4692| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
4693| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
4694| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
4695| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
4696| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
4697| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
4698| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
4699| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
4700| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
4701| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
4702| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
4703| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
4704| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
4705| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
4706| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
4707| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
4708| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
4709| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
4710| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
4711| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
4712| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
4713| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
4714| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
4715| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
4716| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
4717| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
4718| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
4719| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
4720| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
4721| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
4722| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
4723| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
4724| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
4725| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
4726| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
4727| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
4728| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
4729| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
4730| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
4731| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
4732| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
4733| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
4734| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
4735| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
4736| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
4737| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
4738| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
4739| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
4740| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
4741| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
4742| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
4743| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
4744| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
4745| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
4746| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
4747| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
4748| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
4749| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
4750| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
4751| [20527] Apache Mod_TCL Remote Format String Vulnerability
4752| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
4753| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
4754| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
4755| [19106] Apache Tomcat Information Disclosure Vulnerability
4756| [18138] Apache James SMTP Denial Of Service Vulnerability
4757| [17342] Apache Struts Multiple Remote Vulnerabilities
4758| [17095] Apache Log4Net Denial Of Service Vulnerability
4759| [16916] Apache mod_python FileSession Code Execution Vulnerability
4760| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
4761| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
4762| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
4763| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
4764| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
4765| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
4766| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
4767| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
4768| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
4769| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
4770| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
4771| [15177] PHP Apache 2 Local Denial of Service Vulnerability
4772| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
4773| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
4774| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
4775| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
4776| [14106] Apache HTTP Request Smuggling Vulnerability
4777| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
4778| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
4779| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
4780| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
4781| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
4782| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
4783| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
4784| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
4785| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
4786| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
4787| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
4788| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
4789| [11471] Apache mod_include Local Buffer Overflow Vulnerability
4790| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
4791| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
4792| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
4793| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
4794| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
4795| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
4796| [11094] Apache mod_ssl Denial Of Service Vulnerability
4797| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
4798| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
4799| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
4800| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
4801| [10478] ClueCentral Apache Suexec Patch Security Weakness
4802| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
4803| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
4804| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
4805| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
4806| [9921] Apache Connection Blocking Denial Of Service Vulnerability
4807| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
4808| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
4809| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
4810| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
4811| [9733] Apache Cygwin Directory Traversal Vulnerability
4812| [9599] Apache mod_php Global Variables Information Disclosure Weakness
4813| [9590] Apache-SSL Client Certificate Forging Vulnerability
4814| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
4815| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
4816| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
4817| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
4818| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
4819| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
4820| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
4821| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
4822| [8898] Red Hat Apache Directory Index Default Configuration Error
4823| [8883] Apache Cocoon Directory Traversal Vulnerability
4824| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
4825| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
4826| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
4827| [8707] Apache htpasswd Password Entropy Weakness
4828| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
4829| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
4830| [8226] Apache HTTP Server Multiple Vulnerabilities
4831| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
4832| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
4833| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
4834| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
4835| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
4836| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
4837| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
4838| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
4839| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
4840| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
4841| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
4842| [7255] Apache Web Server File Descriptor Leakage Vulnerability
4843| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
4844| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
4845| [6939] Apache Web Server ETag Header Information Disclosure Weakness
4846| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
4847| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
4848| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
4849| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
4850| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
4851| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
4852| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
4853| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
4854| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
4855| [6117] Apache mod_php File Descriptor Leakage Vulnerability
4856| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
4857| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
4858| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
4859| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
4860| [5992] Apache HTDigest Insecure Temporary File Vulnerability
4861| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
4862| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
4863| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
4864| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
4865| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
4866| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
4867| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
4868| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
4869| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
4870| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
4871| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
4872| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
4873| [5485] Apache 2.0 Path Disclosure Vulnerability
4874| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
4875| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
4876| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
4877| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
4878| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
4879| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
4880| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
4881| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
4882| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
4883| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
4884| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
4885| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
4886| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
4887| [4437] Apache Error Message Cross-Site Scripting Vulnerability
4888| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
4889| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
4890| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
4891| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
4892| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
4893| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
4894| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
4895| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
4896| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
4897| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
4898| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
4899| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
4900| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
4901| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
4902| [3596] Apache Split-Logfile File Append Vulnerability
4903| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
4904| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
4905| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
4906| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
4907| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
4908| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
4909| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
4910| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
4911| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
4912| [3169] Apache Server Address Disclosure Vulnerability
4913| [3009] Apache Possible Directory Index Disclosure Vulnerability
4914| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
4915| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
4916| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
4917| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
4918| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
4919| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
4920| [2216] Apache Web Server DoS Vulnerability
4921| [2182] Apache /tmp File Race Vulnerability
4922| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
4923| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
4924| [1821] Apache mod_cookies Buffer Overflow Vulnerability
4925| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
4926| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
4927| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
4928| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
4929| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
4930| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
4931| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
4932| [1457] Apache::ASP source.asp Example Script Vulnerability
4933| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
4934| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
4935|
4936| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4937| [86258] Apache CloudStack text fields cross-site scripting
4938| [85983] Apache Subversion mod_dav_svn module denial of service
4939| [85875] Apache OFBiz UEL code execution
4940| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
4941| [85871] Apache HTTP Server mod_session_dbd unspecified
4942| [85756] Apache Struts OGNL expression command execution
4943| [85755] Apache Struts DefaultActionMapper class open redirect
4944| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
4945| [85574] Apache HTTP Server mod_dav denial of service
4946| [85573] Apache Struts Showcase App OGNL code execution
4947| [85496] Apache CXF denial of service
4948| [85423] Apache Geronimo RMI classloader code execution
4949| [85326] Apache Santuario XML Security for C++ buffer overflow
4950| [85323] Apache Santuario XML Security for Java spoofing
4951| [85319] Apache Qpid Python client SSL spoofing
4952| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
4953| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
4954| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
4955| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
4956| [84952] Apache Tomcat CVE-2012-3544 denial of service
4957| [84763] Apache Struts CVE-2013-2135 security bypass
4958| [84762] Apache Struts CVE-2013-2134 security bypass
4959| [84719] Apache Subversion CVE-2013-2088 command execution
4960| [84718] Apache Subversion CVE-2013-2112 denial of service
4961| [84717] Apache Subversion CVE-2013-1968 denial of service
4962| [84577] Apache Tomcat security bypass
4963| [84576] Apache Tomcat symlink
4964| [84543] Apache Struts CVE-2013-2115 security bypass
4965| [84542] Apache Struts CVE-2013-1966 security bypass
4966| [84154] Apache Tomcat session hijacking
4967| [84144] Apache Tomcat denial of service
4968| [84143] Apache Tomcat information disclosure
4969| [84111] Apache HTTP Server command execution
4970| [84043] Apache Virtual Computing Lab cross-site scripting
4971| [84042] Apache Virtual Computing Lab cross-site scripting
4972| [83782] Apache CloudStack information disclosure
4973| [83781] Apache CloudStack security bypass
4974| [83720] Apache ActiveMQ cross-site scripting
4975| [83719] Apache ActiveMQ denial of service
4976| [83718] Apache ActiveMQ denial of service
4977| [83263] Apache Subversion denial of service
4978| [83262] Apache Subversion denial of service
4979| [83261] Apache Subversion denial of service
4980| [83259] Apache Subversion denial of service
4981| [83035] Apache mod_ruid2 security bypass
4982| [82852] Apache Qpid federation_tag security bypass
4983| [82851] Apache Qpid qpid::framing::Buffer denial of service
4984| [82758] Apache Rave User RPC API information disclosure
4985| [82663] Apache Subversion svn_fs_file_length() denial of service
4986| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
4987| [82641] Apache Qpid AMQP denial of service
4988| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
4989| [82618] Apache Commons FileUpload symlink
4990| [82360] Apache HTTP Server manager interface cross-site scripting
4991| [82359] Apache HTTP Server hostnames cross-site scripting
4992| [82338] Apache Tomcat log/logdir information disclosure
4993| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
4994| [82268] Apache OpenJPA deserialization command execution
4995| [81981] Apache CXF UsernameTokens security bypass
4996| [81980] Apache CXF WS-Security security bypass
4997| [81398] Apache OFBiz cross-site scripting
4998| [81240] Apache CouchDB directory traversal
4999| [81226] Apache CouchDB JSONP code execution
5000| [81225] Apache CouchDB Futon user interface cross-site scripting
5001| [81211] Apache Axis2/C SSL spoofing
5002| [81167] Apache CloudStack DeployVM information disclosure
5003| [81166] Apache CloudStack AddHost API information disclosure
5004| [81165] Apache CloudStack createSSHKeyPair API information disclosure
5005| [80518] Apache Tomcat cross-site request forgery security bypass
5006| [80517] Apache Tomcat FormAuthenticator security bypass
5007| [80516] Apache Tomcat NIO denial of service
5008| [80408] Apache Tomcat replay-countermeasure security bypass
5009| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
5010| [80317] Apache Tomcat slowloris denial of service
5011| [79984] Apache Commons HttpClient SSL spoofing
5012| [79983] Apache CXF SSL spoofing
5013| [79830] Apache Axis2/Java SSL spoofing
5014| [79829] Apache Axis SSL spoofing
5015| [79809] Apache Tomcat DIGEST security bypass
5016| [79806] Apache Tomcat parseHeaders() denial of service
5017| [79540] Apache OFBiz unspecified
5018| [79487] Apache Axis2 SAML security bypass
5019| [79212] Apache Cloudstack code execution
5020| [78734] Apache CXF SOAP Action security bypass
5021| [78730] Apache Qpid broker denial of service
5022| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
5023| [78563] Apache mod_pagespeed module unspecified cross-site scripting
5024| [78562] Apache mod_pagespeed module security bypass
5025| [78454] Apache Axis2 security bypass
5026| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
5027| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
5028| [78321] Apache Wicket unspecified cross-site scripting
5029| [78183] Apache Struts parameters denial of service
5030| [78182] Apache Struts cross-site request forgery
5031| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
5032| [77987] mod_rpaf module for Apache denial of service
5033| [77958] Apache Struts skill name code execution
5034| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
5035| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
5036| [77568] Apache Qpid broker security bypass
5037| [77421] Apache Libcloud spoofing
5038| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
5039| [77046] Oracle Solaris Apache HTTP Server information disclosure
5040| [76837] Apache Hadoop information disclosure
5041| [76802] Apache Sling CopyFrom denial of service
5042| [76692] Apache Hadoop symlink
5043| [76535] Apache Roller console cross-site request forgery
5044| [76534] Apache Roller weblog cross-site scripting
5045| [76152] Apache CXF elements security bypass
5046| [76151] Apache CXF child policies security bypass
5047| [75983] MapServer for Windows Apache file include
5048| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
5049| [75558] Apache POI denial of service
5050| [75545] PHP apache_request_headers() buffer overflow
5051| [75302] Apache Qpid SASL security bypass
5052| [75211] Debian GNU/Linux apache 2 cross-site scripting
5053| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
5054| [74871] Apache OFBiz FlexibleStringExpander code execution
5055| [74870] Apache OFBiz multiple cross-site scripting
5056| [74750] Apache Hadoop unspecified spoofing
5057| [74319] Apache Struts XSLTResult.java file upload
5058| [74313] Apache Traffic Server header buffer overflow
5059| [74276] Apache Wicket directory traversal
5060| [74273] Apache Wicket unspecified cross-site scripting
5061| [74181] Apache HTTP Server mod_fcgid module denial of service
5062| [73690] Apache Struts OGNL code execution
5063| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
5064| [73100] Apache MyFaces in directory traversal
5065| [73096] Apache APR hash denial of service
5066| [73052] Apache Struts name cross-site scripting
5067| [73030] Apache CXF UsernameToken security bypass
5068| [72888] Apache Struts lastName cross-site scripting
5069| [72758] Apache HTTP Server httpOnly information disclosure
5070| [72757] Apache HTTP Server MPM denial of service
5071| [72585] Apache Struts ParameterInterceptor security bypass
5072| [72438] Apache Tomcat Digest security bypass
5073| [72437] Apache Tomcat Digest security bypass
5074| [72436] Apache Tomcat DIGEST security bypass
5075| [72425] Apache Tomcat parameter denial of service
5076| [72422] Apache Tomcat request object information disclosure
5077| [72377] Apache HTTP Server scoreboard security bypass
5078| [72345] Apache HTTP Server HTTP request denial of service
5079| [72229] Apache Struts ExceptionDelegator command execution
5080| [72089] Apache Struts ParameterInterceptor directory traversal
5081| [72088] Apache Struts CookieInterceptor command execution
5082| [72047] Apache Geronimo hash denial of service
5083| [72016] Apache Tomcat hash denial of service
5084| [71711] Apache Struts OGNL expression code execution
5085| [71654] Apache Struts interfaces security bypass
5086| [71620] Apache ActiveMQ failover denial of service
5087| [71617] Apache HTTP Server mod_proxy module information disclosure
5088| [71508] Apache MyFaces EL security bypass
5089| [71445] Apache HTTP Server mod_proxy security bypass
5090| [71203] Apache Tomcat servlets privilege escalation
5091| [71181] Apache HTTP Server ap_pregsub() denial of service
5092| [71093] Apache HTTP Server ap_pregsub() buffer overflow
5093| [70336] Apache HTTP Server mod_proxy information disclosure
5094| [69804] Apache HTTP Server mod_proxy_ajp denial of service
5095| [69472] Apache Tomcat AJP security bypass
5096| [69396] Apache HTTP Server ByteRange filter denial of service
5097| [69394] Apache Wicket multi window support cross-site scripting
5098| [69176] Apache Tomcat XML information disclosure
5099| [69161] Apache Tomcat jsvc information disclosure
5100| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
5101| [68541] Apache Tomcat sendfile information disclosure
5102| [68420] Apache XML Security denial of service
5103| [68238] Apache Tomcat JMX information disclosure
5104| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
5105| [67804] Apache Subversion control rules information disclosure
5106| [67803] Apache Subversion control rules denial of service
5107| [67802] Apache Subversion baselined denial of service
5108| [67672] Apache Archiva multiple cross-site scripting
5109| [67671] Apache Archiva multiple cross-site request forgery
5110| [67564] Apache APR apr_fnmatch() denial of service
5111| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
5112| [67515] Apache Tomcat annotations security bypass
5113| [67480] Apache Struts s:submit information disclosure
5114| [67414] Apache APR apr_fnmatch() denial of service
5115| [67356] Apache Struts javatemplates cross-site scripting
5116| [67354] Apache Struts Xwork cross-site scripting
5117| [66676] Apache Tomcat HTTP BIO information disclosure
5118| [66675] Apache Tomcat web.xml security bypass
5119| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
5120| [66241] Apache HttpComponents information disclosure
5121| [66154] Apache Tomcat ServletSecurity security bypass
5122| [65971] Apache Tomcat ServletSecurity security bypass
5123| [65876] Apache Subversion mod_dav_svn denial of service
5124| [65343] Apache Continuum unspecified cross-site scripting
5125| [65162] Apache Tomcat NIO connector denial of service
5126| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
5127| [65160] Apache Tomcat HTML Manager interface cross-site scripting
5128| [65159] Apache Tomcat ServletContect security bypass
5129| [65050] Apache CouchDB web-based administration UI cross-site scripting
5130| [64773] Oracle HTTP Server Apache Plugin unauthorized access
5131| [64473] Apache Subversion blame -g denial of service
5132| [64472] Apache Subversion walk() denial of service
5133| [64407] Apache Axis2 CVE-2010-0219 code execution
5134| [63926] Apache Archiva password privilege escalation
5135| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
5136| [63493] Apache Archiva credentials cross-site request forgery
5137| [63477] Apache Tomcat HttpOnly session hijacking
5138| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
5139| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
5140| [62959] Apache Shiro filters security bypass
5141| [62790] Apache Perl cgi module denial of service
5142| [62576] Apache Qpid exchange denial of service
5143| [62575] Apache Qpid AMQP denial of service
5144| [62354] Apache Qpid SSL denial of service
5145| [62235] Apache APR-util apr_brigade_split_line() denial of service
5146| [62181] Apache XML-RPC SAX Parser information disclosure
5147| [61721] Apache Traffic Server cache poisoning
5148| [61202] Apache Derby BUILTIN authentication functionality information disclosure
5149| [61186] Apache CouchDB Futon cross-site request forgery
5150| [61169] Apache CXF DTD denial of service
5151| [61070] Apache Jackrabbit search.jsp SQL injection
5152| [61006] Apache SLMS Quoting cross-site request forgery
5153| [60962] Apache Tomcat time cross-site scripting
5154| [60883] Apache mod_proxy_http information disclosure
5155| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
5156| [60264] Apache Tomcat Transfer-Encoding denial of service
5157| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
5158| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
5159| [59413] Apache mod_proxy_http timeout information disclosure
5160| [59058] Apache MyFaces unencrypted view state cross-site scripting
5161| [58827] Apache Axis2 xsd file include
5162| [58790] Apache Axis2 modules cross-site scripting
5163| [58299] Apache ActiveMQ queueBrowse cross-site scripting
5164| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
5165| [58056] Apache ActiveMQ .jsp source code disclosure
5166| [58055] Apache Tomcat realm name information disclosure
5167| [58046] Apache HTTP Server mod_auth_shadow security bypass
5168| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
5169| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
5170| [57429] Apache CouchDB algorithms information disclosure
5171| [57398] Apache ActiveMQ Web console cross-site request forgery
5172| [57397] Apache ActiveMQ createDestination.action cross-site scripting
5173| [56653] Apache HTTP Server DNS spoofing
5174| [56652] Apache HTTP Server DNS cross-site scripting
5175| [56625] Apache HTTP Server request header information disclosure
5176| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
5177| [56623] Apache HTTP Server mod_proxy_ajp denial of service
5178| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
5179| [55857] Apache Tomcat WAR files directory traversal
5180| [55856] Apache Tomcat autoDeploy attribute security bypass
5181| [55855] Apache Tomcat WAR directory traversal
5182| [55210] Intuit component for Joomla! Apache information disclosure
5183| [54533] Apache Tomcat 404 error page cross-site scripting
5184| [54182] Apache Tomcat admin default password
5185| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
5186| [53666] Apache HTTP Server Solaris pollset support denial of service
5187| [53650] Apache HTTP Server HTTP basic-auth module security bypass
5188| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
5189| [53041] mod_proxy_ftp module for Apache denial of service
5190| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
5191| [51953] Apache Tomcat Path Disclosure
5192| [51952] Apache Tomcat Path Traversal
5193| [51951] Apache stronghold-status Information Disclosure
5194| [51950] Apache stronghold-info Information Disclosure
5195| [51949] Apache PHP Source Code Disclosure
5196| [51948] Apache Multiviews Attack
5197| [51946] Apache JServ Environment Status Information Disclosure
5198| [51945] Apache error_log Information Disclosure
5199| [51944] Apache Default Installation Page Pattern Found
5200| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
5201| [51942] Apache AXIS XML External Entity File Retrieval
5202| [51941] Apache AXIS Sample Servlet Information Leak
5203| [51940] Apache access_log Information Disclosure
5204| [51626] Apache mod_deflate denial of service
5205| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
5206| [51365] Apache Tomcat RequestDispatcher security bypass
5207| [51273] Apache HTTP Server Incomplete Request denial of service
5208| [51195] Apache Tomcat XML information disclosure
5209| [50994] Apache APR-util xml/apr_xml.c denial of service
5210| [50993] Apache APR-util apr_brigade_vprintf denial of service
5211| [50964] Apache APR-util apr_strmatch_precompile() denial of service
5212| [50930] Apache Tomcat j_security_check information disclosure
5213| [50928] Apache Tomcat AJP denial of service
5214| [50884] Apache HTTP Server XML ENTITY denial of service
5215| [50808] Apache HTTP Server AllowOverride privilege escalation
5216| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
5217| [50059] Apache mod_proxy_ajp information disclosure
5218| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
5219| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
5220| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
5221| [49921] Apache ActiveMQ Web interface cross-site scripting
5222| [49898] Apache Geronimo Services/Repository directory traversal
5223| [49725] Apache Tomcat mod_jk module information disclosure
5224| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
5225| [49712] Apache Struts unspecified cross-site scripting
5226| [49213] Apache Tomcat cal2.jsp cross-site scripting
5227| [48934] Apache Tomcat POST doRead method information disclosure
5228| [48211] Apache Tomcat header HTTP request smuggling
5229| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
5230| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
5231| [47709] Apache Roller "
5232| [47104] Novell Netware ApacheAdmin console security bypass
5233| [47086] Apache HTTP Server OS fingerprinting unspecified
5234| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
5235| [45791] Apache Tomcat RemoteFilterValve security bypass
5236| [44435] Oracle WebLogic Apache Connector buffer overflow
5237| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
5238| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
5239| [44156] Apache Tomcat RequestDispatcher directory traversal
5240| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
5241| [43885] Oracle WebLogic Server Apache Connector buffer overflow
5242| [42987] Apache HTTP Server mod_proxy module denial of service
5243| [42915] Apache Tomcat JSP files path disclosure
5244| [42914] Apache Tomcat MS-DOS path disclosure
5245| [42892] Apache Tomcat unspecified unauthorized access
5246| [42816] Apache Tomcat Host Manager cross-site scripting
5247| [42303] Apache 403 error cross-site scripting
5248| [41618] Apache-SSL ExpandCert() authentication bypass
5249| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
5250| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
5251| [40614] Apache mod_jk2 HTTP Host header buffer overflow
5252| [40562] Apache Geronimo init information disclosure
5253| [40478] Novell Web Manager webadmin-apache.conf security bypass
5254| [40411] Apache Tomcat exception handling information disclosure
5255| [40409] Apache Tomcat native (APR based) connector weak security
5256| [40403] Apache Tomcat quotes and %5C cookie information disclosure
5257| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
5258| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
5259| [39867] Apache HTTP Server mod_negotiation cross-site scripting
5260| [39804] Apache Tomcat SingleSignOn information disclosure
5261| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
5262| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
5263| [39608] Apache HTTP Server balancer manager cross-site request forgery
5264| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
5265| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
5266| [39472] Apache HTTP Server mod_status cross-site scripting
5267| [39201] Apache Tomcat JULI logging weak security
5268| [39158] Apache HTTP Server Windows SMB shares information disclosure
5269| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
5270| [38951] Apache::AuthCAS Perl module cookie SQL injection
5271| [38800] Apache HTTP Server 413 error page cross-site scripting
5272| [38211] Apache Geronimo SQLLoginModule authentication bypass
5273| [37243] Apache Tomcat WebDAV directory traversal
5274| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
5275| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
5276| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
5277| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
5278| [36782] Apache Geronimo MEJB unauthorized access
5279| [36586] Apache HTTP Server UTF-7 cross-site scripting
5280| [36468] Apache Geronimo LoginModule security bypass
5281| [36467] Apache Tomcat functions.jsp cross-site scripting
5282| [36402] Apache Tomcat calendar cross-site request forgery
5283| [36354] Apache HTTP Server mod_proxy module denial of service
5284| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
5285| [36336] Apache Derby lock table privilege escalation
5286| [36335] Apache Derby schema privilege escalation
5287| [36006] Apache Tomcat "
5288| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
5289| [35999] Apache Tomcat \"
5290| [35795] Apache Tomcat CookieExample cross-site scripting
5291| [35536] Apache Tomcat SendMailServlet example cross-site scripting
5292| [35384] Apache HTTP Server mod_cache module denial of service
5293| [35097] Apache HTTP Server mod_status module cross-site scripting
5294| [35095] Apache HTTP Server Prefork MPM module denial of service
5295| [34984] Apache HTTP Server recall_headers information disclosure
5296| [34966] Apache HTTP Server MPM content spoofing
5297| [34965] Apache HTTP Server MPM information disclosure
5298| [34963] Apache HTTP Server MPM multiple denial of service
5299| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
5300| [34869] Apache Tomcat JSP example Web application cross-site scripting
5301| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
5302| [34496] Apache Tomcat JK Connector security bypass
5303| [34377] Apache Tomcat hello.jsp cross-site scripting
5304| [34212] Apache Tomcat SSL configuration security bypass
5305| [34210] Apache Tomcat Accept-Language cross-site scripting
5306| [34209] Apache Tomcat calendar application cross-site scripting
5307| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
5308| [34167] Apache Axis WSDL file path disclosure
5309| [34068] Apache Tomcat AJP connector information disclosure
5310| [33584] Apache HTTP Server suEXEC privilege escalation
5311| [32988] Apache Tomcat proxy module directory traversal
5312| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
5313| [32708] Debian Apache tty privilege escalation
5314| [32441] ApacheStats extract() PHP call unspecified
5315| [32128] Apache Tomcat default account
5316| [31680] Apache Tomcat RequestParamExample cross-site scripting
5317| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
5318| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
5319| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
5320| [30456] Apache mod_auth_kerb off-by-one buffer overflow
5321| [29550] Apache mod_tcl set_var() format string
5322| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
5323| [28357] Apache HTTP Server mod_alias script source information disclosure
5324| [28063] Apache mod_rewrite off-by-one buffer overflow
5325| [27902] Apache Tomcat URL information disclosure
5326| [26786] Apache James SMTP server denial of service
5327| [25680] libapache2 /tmp/svn file upload
5328| [25614] Apache Struts lookupMap cross-site scripting
5329| [25613] Apache Struts ActionForm denial of service
5330| [25612] Apache Struts isCancelled() security bypass
5331| [24965] Apache mod_python FileSession command execution
5332| [24716] Apache James spooler memory leak denial of service
5333| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
5334| [24158] Apache Geronimo jsp-examples cross-site scripting
5335| [24030] Apache auth_ldap module multiple format strings
5336| [24008] Apache mod_ssl custom error message denial of service
5337| [24003] Apache mod_auth_pgsql module multiple syslog format strings
5338| [23612] Apache mod_imap referer field cross-site scripting
5339| [23173] Apache Struts error message cross-site scripting
5340| [22942] Apache Tomcat directory listing denial of service
5341| [22858] Apache Multi-Processing Module code allows denial of service
5342| [22602] RHSA-2005:582 updates for Apache httpd not installed
5343| [22520] Apache mod-auth-shadow "
5344| [22466] ApacheTop symlink
5345| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
5346| [22006] Apache HTTP Server byte-range filter denial of service
5347| [21567] Apache mod_ssl off-by-one buffer overflow
5348| [21195] Apache HTTP Server header HTTP request smuggling
5349| [20383] Apache HTTP Server htdigest buffer overflow
5350| [19681] Apache Tomcat AJP12 request denial of service
5351| [18993] Apache HTTP server check_forensic symlink attack
5352| [18790] Apache Tomcat Manager cross-site scripting
5353| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
5354| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
5355| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
5356| [17961] Apache Web server ServerTokens has not been set
5357| [17930] Apache HTTP Server HTTP GET request denial of service
5358| [17785] Apache mod_include module buffer overflow
5359| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
5360| [17473] Apache HTTP Server Satisfy directive allows access to resources
5361| [17413] Apache htpasswd buffer overflow
5362| [17384] Apache HTTP Server environment variable configuration file buffer overflow
5363| [17382] Apache HTTP Server IPv6 apr_util denial of service
5364| [17366] Apache HTTP Server mod_dav module LOCK denial of service
5365| [17273] Apache HTTP Server speculative mode denial of service
5366| [17200] Apache HTTP Server mod_ssl denial of service
5367| [16890] Apache HTTP Server server-info request has been detected
5368| [16889] Apache HTTP Server server-status request has been detected
5369| [16705] Apache mod_ssl format string attack
5370| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
5371| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
5372| [16230] Apache HTTP Server PHP denial of service
5373| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
5374| [15958] Apache HTTP Server authentication modules memory corruption
5375| [15547] Apache HTTP Server mod_disk_cache local information disclosure
5376| [15540] Apache HTTP Server socket starvation denial of service
5377| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
5378| [15422] Apache HTTP Server mod_access information disclosure
5379| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
5380| [15293] Apache for Cygwin "
5381| [15065] Apache-SSL has a default password
5382| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
5383| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
5384| [14751] Apache Mod_python output filter information disclosure
5385| [14125] Apache HTTP Server mod_userdir module information disclosure
5386| [14075] Apache HTTP Server mod_php file descriptor leak
5387| [13703] Apache HTTP Server account
5388| [13689] Apache HTTP Server configuration allows symlinks
5389| [13688] Apache HTTP Server configuration allows SSI
5390| [13687] Apache HTTP Server Server: header value
5391| [13685] Apache HTTP Server ServerTokens value
5392| [13684] Apache HTTP Server ServerSignature value
5393| [13672] Apache HTTP Server config allows directory autoindexing
5394| [13671] Apache HTTP Server default content
5395| [13670] Apache HTTP Server config file directive references outside content root
5396| [13668] Apache HTTP Server httpd not running in chroot environment
5397| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
5398| [13664] Apache HTTP Server config file contains ScriptAlias entry
5399| [13663] Apache HTTP Server CGI support modules loaded
5400| [13661] Apache HTTP Server config file contains AddHandler entry
5401| [13660] Apache HTTP Server 500 error page not CGI script
5402| [13659] Apache HTTP Server 413 error page not CGI script
5403| [13658] Apache HTTP Server 403 error page not CGI script
5404| [13657] Apache HTTP Server 401 error page not CGI script
5405| [13552] Apache HTTP Server mod_cgid module information disclosure
5406| [13550] Apache GET request directory traversal
5407| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
5408| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
5409| [13429] Apache Tomcat non-HTTP request denial of service
5410| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
5411| [13295] Apache weak password encryption
5412| [13254] Apache Tomcat .jsp cross-site scripting
5413| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
5414| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
5415| [12681] Apache HTTP Server mod_proxy could allow mail relaying
5416| [12662] Apache HTTP Server rotatelogs denial of service
5417| [12554] Apache Tomcat stores password in plain text
5418| [12553] Apache HTTP Server redirects and subrequests denial of service
5419| [12552] Apache HTTP Server FTP proxy server denial of service
5420| [12551] Apache HTTP Server prefork MPM denial of service
5421| [12550] Apache HTTP Server weaker than expected encryption
5422| [12549] Apache HTTP Server type-map file denial of service
5423| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
5424| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
5425| [12091] Apache HTTP Server apr_password_validate denial of service
5426| [12090] Apache HTTP Server apr_psprintf code execution
5427| [11804] Apache HTTP Server mod_access_referer denial of service
5428| [11750] Apache HTTP Server could leak sensitive file descriptors
5429| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
5430| [11703] Apache long slash path allows directory listing
5431| [11695] Apache HTTP Server LF (Line Feed) denial of service
5432| [11694] Apache HTTP Server filestat.c denial of service
5433| [11438] Apache HTTP Server MIME message boundaries information disclosure
5434| [11412] Apache HTTP Server error log terminal escape sequence injection
5435| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
5436| [11195] Apache Tomcat web.xml could be used to read files
5437| [11194] Apache Tomcat URL appended with a null character could list directories
5438| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
5439| [11126] Apache HTTP Server illegal character file disclosure
5440| [11125] Apache HTTP Server DOS device name HTTP POST code execution
5441| [11124] Apache HTTP Server DOS device name denial of service
5442| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
5443| [10938] Apache HTTP Server printenv test CGI cross-site scripting
5444| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
5445| [10575] Apache mod_php module could allow an attacker to take over the httpd process
5446| [10499] Apache HTTP Server WebDAV HTTP POST view source
5447| [10457] Apache HTTP Server mod_ssl "
5448| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
5449| [10414] Apache HTTP Server htdigest multiple buffer overflows
5450| [10413] Apache HTTP Server htdigest temporary file race condition
5451| [10412] Apache HTTP Server htpasswd temporary file race condition
5452| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
5453| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
5454| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
5455| [10280] Apache HTTP Server shared memory scorecard overwrite
5456| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
5457| [10241] Apache HTTP Server Host: header cross-site scripting
5458| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
5459| [10208] Apache HTTP Server mod_dav denial of service
5460| [10206] HP VVOS Apache mod_ssl denial of service
5461| [10200] Apache HTTP Server stderr denial of service
5462| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
5463| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
5464| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
5465| [10098] Slapper worm targets OpenSSL/Apache systems
5466| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
5467| [9875] Apache HTTP Server .var file request could disclose installation path
5468| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
5469| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
5470| [9623] Apache HTTP Server ap_log_rerror() path disclosure
5471| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
5472| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
5473| [9396] Apache Tomcat null character to threads denial of service
5474| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
5475| [9249] Apache HTTP Server chunked encoding heap buffer overflow
5476| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
5477| [8932] Apache Tomcat example class information disclosure
5478| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
5479| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
5480| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
5481| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
5482| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
5483| [8400] Apache HTTP Server mod_frontpage buffer overflows
5484| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
5485| [8308] Apache "
5486| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
5487| [8119] Apache and PHP OPTIONS request reveals "
5488| [8054] Apache is running on the system
5489| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
5490| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
5491| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
5492| [7836] Apache HTTP Server log directory denial of service
5493| [7815] Apache for Windows "
5494| [7810] Apache HTTP request could result in unexpected behavior
5495| [7599] Apache Tomcat reveals installation path
5496| [7494] Apache "
5497| [7419] Apache Web Server could allow remote attackers to overwrite .log files
5498| [7363] Apache Web Server hidden HTTP requests
5499| [7249] Apache mod_proxy denial of service
5500| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
5501| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
5502| [7059] Apache "
5503| [7057] Apache "
5504| [7056] Apache "
5505| [7055] Apache "
5506| [7054] Apache "
5507| [6997] Apache Jakarta Tomcat error message may reveal information
5508| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
5509| [6970] Apache crafted HTTP request could reveal the internal IP address
5510| [6921] Apache long slash path allows directory listing
5511| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
5512| [6527] Apache Web Server for Windows and OS2 denial of service
5513| [6316] Apache Jakarta Tomcat may reveal JSP source code
5514| [6305] Apache Jakarta Tomcat directory traversal
5515| [5926] Linux Apache symbolic link
5516| [5659] Apache Web server discloses files when used with php script
5517| [5310] Apache mod_rewrite allows attacker to view arbitrary files
5518| [5204] Apache WebDAV directory listings
5519| [5197] Apache Web server reveals CGI script source code
5520| [5160] Apache Jakarta Tomcat default installation
5521| [5099] Trustix Secure Linux installs Apache with world writable access
5522| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
5523| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
5524| [4931] Apache source.asp example file allows users to write to files
5525| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
5526| [4205] Apache Jakarta Tomcat delivers file contents
5527| [2084] Apache on Debian by default serves the /usr/doc directory
5528| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
5529| [697] Apache HTTP server beck exploit
5530| [331] Apache cookies buffer overflow
5531|
5532| Exploit-DB - https://www.exploit-db.com:
5533| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
5534| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
5535| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
5536| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
5537| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
5538| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
5539| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
5540| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
5541| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
5542| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
5543| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
5544| [29859] Apache Roller OGNL Injection
5545| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
5546| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
5547| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
5548| [29290] Apache / PHP 5.x Remote Code Execution Exploit
5549| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
5550| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
5551| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
5552| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
5553| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
5554| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
5555| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
5556| [27096] Apache Geronimo 1.0 Error Page XSS
5557| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
5558| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
5559| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
5560| [25986] Plesk Apache Zeroday Remote Exploit
5561| [25980] Apache Struts includeParams Remote Code Execution
5562| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
5563| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
5564| [24874] Apache Struts ParametersInterceptor Remote Code Execution
5565| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
5566| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
5567| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
5568| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
5569| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
5570| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
5571| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
5572| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
5573| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
5574| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
5575| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
5576| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
5577| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
5578| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
5579| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
5580| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
5581| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
5582| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
5583| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
5584| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
5585| [21719] Apache 2.0 Path Disclosure Vulnerability
5586| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
5587| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
5588| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
5589| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
5590| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
5591| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
5592| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
5593| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
5594| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
5595| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
5596| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
5597| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
5598| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
5599| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
5600| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
5601| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
5602| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
5603| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
5604| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
5605| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
5606| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
5607| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
5608| [20558] Apache 1.2 Web Server DoS Vulnerability
5609| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
5610| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
5611| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
5612| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
5613| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
5614| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
5615| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
5616| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
5617| [19231] PHP apache_request_headers Function Buffer Overflow
5618| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
5619| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
5620| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
5621| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
5622| [18442] Apache httpOnly Cookie Disclosure
5623| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
5624| [18221] Apache HTTP Server Denial of Service
5625| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
5626| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
5627| [17691] Apache Struts < 2.2.0 - Remote Command Execution
5628| [16798] Apache mod_jk 1.2.20 Buffer Overflow
5629| [16782] Apache Win32 Chunked Encoding
5630| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
5631| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
5632| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
5633| [15319] Apache 2.2 (Windows) Local Denial of Service
5634| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
5635| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
5636| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
5637| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
5638| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
5639| [12330] Apache OFBiz - Multiple XSS
5640| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
5641| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
5642| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
5643| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
5644| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
5645| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
5646| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
5647| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
5648| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
5649| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
5650| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
5651| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
5652| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
5653| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
5654| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
5655| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
5656| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
5657| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
5658| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
5659| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
5660| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
5661| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
5662| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
5663| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
5664| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
5665| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
5666| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
5667| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
5668| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
5669| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
5670| [466] htpasswd Apache 1.3.31 - Local Exploit
5671| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
5672| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
5673| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
5674| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
5675| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
5676| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
5677| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
5678| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
5679| [9] Apache HTTP Server 2.x Memory Leak Exploit
5680|
5681| OpenVAS (Nessus) - http://www.openvas.org:
5682| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
5683| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
5684| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
5685| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
5686| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
5687| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
5688| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
5689| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
5690| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
5691| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
5692| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
5693| [900571] Apache APR-Utils Version Detection
5694| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
5695| [900496] Apache Tiles Multiple XSS Vulnerability
5696| [900493] Apache Tiles Version Detection
5697| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
5698| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
5699| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
5700| [870175] RedHat Update for apache RHSA-2008:0004-01
5701| [864591] Fedora Update for apache-poi FEDORA-2012-10835
5702| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
5703| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
5704| [864250] Fedora Update for apache-poi FEDORA-2012-7683
5705| [864249] Fedora Update for apache-poi FEDORA-2012-7686
5706| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
5707| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
5708| [855821] Solaris Update for Apache 1.3 122912-19
5709| [855812] Solaris Update for Apache 1.3 122911-19
5710| [855737] Solaris Update for Apache 1.3 122911-17
5711| [855731] Solaris Update for Apache 1.3 122912-17
5712| [855695] Solaris Update for Apache 1.3 122911-16
5713| [855645] Solaris Update for Apache 1.3 122912-16
5714| [855587] Solaris Update for kernel update and Apache 108529-29
5715| [855566] Solaris Update for Apache 116973-07
5716| [855531] Solaris Update for Apache 116974-07
5717| [855524] Solaris Update for Apache 2 120544-14
5718| [855494] Solaris Update for Apache 1.3 122911-15
5719| [855478] Solaris Update for Apache Security 114145-11
5720| [855472] Solaris Update for Apache Security 113146-12
5721| [855179] Solaris Update for Apache 1.3 122912-15
5722| [855147] Solaris Update for kernel update and Apache 108528-29
5723| [855077] Solaris Update for Apache 2 120543-14
5724| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
5725| [850088] SuSE Update for apache2 SUSE-SA:2007:061
5726| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
5727| [841209] Ubuntu Update for apache2 USN-1627-1
5728| [840900] Ubuntu Update for apache2 USN-1368-1
5729| [840798] Ubuntu Update for apache2 USN-1259-1
5730| [840734] Ubuntu Update for apache2 USN-1199-1
5731| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
5732| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
5733| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
5734| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
5735| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
5736| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
5737| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
5738| [835253] HP-UX Update for Apache Web Server HPSBUX02645
5739| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
5740| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
5741| [835236] HP-UX Update for Apache with PHP HPSBUX02543
5742| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
5743| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
5744| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
5745| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
5746| [835188] HP-UX Update for Apache HPSBUX02308
5747| [835181] HP-UX Update for Apache With PHP HPSBUX02332
5748| [835180] HP-UX Update for Apache with PHP HPSBUX02342
5749| [835172] HP-UX Update for Apache HPSBUX02365
5750| [835168] HP-UX Update for Apache HPSBUX02313
5751| [835148] HP-UX Update for Apache HPSBUX01064
5752| [835139] HP-UX Update for Apache with PHP HPSBUX01090
5753| [835131] HP-UX Update for Apache HPSBUX00256
5754| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
5755| [835104] HP-UX Update for Apache HPSBUX00224
5756| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
5757| [835101] HP-UX Update for Apache HPSBUX01232
5758| [835080] HP-UX Update for Apache HPSBUX02273
5759| [835078] HP-UX Update for ApacheStrong HPSBUX00255
5760| [835044] HP-UX Update for Apache HPSBUX01019
5761| [835040] HP-UX Update for Apache PHP HPSBUX00207
5762| [835025] HP-UX Update for Apache HPSBUX00197
5763| [835023] HP-UX Update for Apache HPSBUX01022
5764| [835022] HP-UX Update for Apache HPSBUX02292
5765| [835005] HP-UX Update for Apache HPSBUX02262
5766| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
5767| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
5768| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
5769| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
5770| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
5771| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
5772| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
5773| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
5774| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
6569| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
6570| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
6571| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
6572| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
6573| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
6574| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
6575| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
6576| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
6577| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
6578| [63895] Apache HTTP Server mod_headers Unspecified Issue
6579| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
6580| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
6581| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
6582| [63140] Apache Thrift Service Malformed Data Remote DoS
6583| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
6584| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
6585| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
6586| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
6587| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
6588| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
6589| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
6590| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
6591| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
6592| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
6593| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
6594| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
6595| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
6596| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
6597| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
6598| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
6599| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
6954| [24365] Apache Struts Multiple Function Error Message XSS
6955| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
6956| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
6957| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
6958| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
6959| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
6960| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
6961| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
6962| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
6963| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
6964| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
6965| [22459] Apache Geronimo Error Page XSS
6966| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
6967| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
6968| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
6969| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
6970| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
6971| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
6972| [21021] Apache Struts Error Message XSS
6973| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
6974| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
6975| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
6976| [20439] Apache Tomcat Directory Listing Saturation DoS
6977| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
6978| [20285] Apache HTTP Server Log File Control Character Injection
6979| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
6980| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
6981| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
6982| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
6983| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
6984| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
6985| [19821] Apache Tomcat Malformed Post Request Information Disclosure
6986| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
6987| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
6988| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
6989| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
6990| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
6991| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
6992| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
6993| [18233] Apache HTTP Server htdigest user Variable Overfow
6994| [17738] Apache HTTP Server HTTP Request Smuggling
6995| [16586] Apache HTTP Server Win32 GET Overflow DoS
6996| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
6997| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
6998| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
6999| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
7000| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
7001| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
7002| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
7003| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
7004| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
7005| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
7006| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
7007| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
7008| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
7009| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
7010| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
7011| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
7012| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
7013| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
7014| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
7015| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
7016| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
7017| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
7018| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
7019| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
7020| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
7021| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
7022| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
7023| [13304] Apache Tomcat realPath.jsp Path Disclosure
7024| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
7025| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
7026| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
7027| [12848] Apache HTTP Server htdigest realm Variable Overflow
7028| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
7029| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
7030| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
7031| [12557] Apache HTTP Server prefork MPM accept Error DoS
7032| [12233] Apache Tomcat MS-DOS Device Name Request DoS
7033| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
7034| [12231] Apache Tomcat web.xml Arbitrary File Access
7035| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
7036| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
7037| [12178] Apache Jakarta Lucene results.jsp XSS
7038| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
7039| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
7040| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
7041| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
7042| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
7043| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
7044| [10471] Apache Xerces-C++ XML Parser DoS
7045| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
7046| [10068] Apache HTTP Server htpasswd Local Overflow
7047| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
7048| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
7049| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
7050| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
7051| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
7052| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
7053| [9717] Apache HTTP Server mod_cookies Cookie Overflow
7054| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
7055| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
7056| [9714] Apache Authentication Module Threaded MPM DoS
7057| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
7058| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
7059| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
7060| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
7061| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
7062| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
7063| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
7064| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
7065| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
7066| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
7067| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
7068| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
7069| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
7070| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
7071| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
7072| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
7073| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
7074| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
7075| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
7076| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
7077| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
7078| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
7079| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
7080| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
7081| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
7082| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
7083| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
7084| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
7085| [9208] Apache Tomcat .jsp Encoded Newline XSS
7086| [9204] Apache Tomcat ROOT Application XSS
7087| [9203] Apache Tomcat examples Application XSS
7088| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
7089| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
7090| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
7091| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
7092| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
7093| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
7094| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
7095| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
7096| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
7097| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
7098| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
7099| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
7100| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
7101| [7611] Apache HTTP Server mod_alias Local Overflow
7102| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
7103| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
7104| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
7105| [6882] Apache mod_python Malformed Query String Variant DoS
7106| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
7107| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
7108| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
7109| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
7110| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
7111| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
7112| [5526] Apache Tomcat Long .JSP URI Path Disclosure
7113| [5278] Apache Tomcat web.xml Restriction Bypass
7114| [5051] Apache Tomcat Null Character DoS
7115| [4973] Apache Tomcat servlet Mapping XSS
7116| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
7117| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
7118| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
7119| [4568] mod_survey For Apache ENV Tags SQL Injection
7120| [4553] Apache HTTP Server ApacheBench Overflow DoS
7121| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
7122| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
7123| [4383] Apache HTTP Server Socket Race Condition DoS
7124| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
7125| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
7126| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
7127| [4231] Apache Cocoon Error Page Server Path Disclosure
7128| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
7129| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
7130| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
7131| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
7132| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
7133| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
7134| [3322] mod_php for Apache HTTP Server Process Hijack
7135| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
7136| [2885] Apache mod_python Malformed Query String DoS
7137| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
7138| [2733] Apache HTTP Server mod_rewrite Local Overflow
7139| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
7140| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
7141| [2149] Apache::Gallery Privilege Escalation
7142| [2107] Apache HTTP Server mod_ssl Host: Header XSS
7143| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
7144| [1833] Apache HTTP Server Multiple Slash GET Request DoS
7145| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
7146| [872] Apache Tomcat Multiple Default Accounts
7147| [862] Apache HTTP Server SSI Error Page XSS
7148| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
7149| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
7150| [845] Apache Tomcat MSDOS Device XSS
7151| [844] Apache Tomcat Java Servlet Error Page XSS
7152| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
7153| [838] Apache HTTP Server Chunked Encoding Remote Overflow
7154| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
7155| [775] Apache mod_python Module Importing Privilege Function Execution
7156| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
7157| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
7158| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
7159| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
7160| [637] Apache HTTP Server UserDir Directive Username Enumeration
7161| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
7162| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
7163| [562] Apache HTTP Server mod_info /server-info Information Disclosure
7164| [561] Apache Web Servers mod_status /server-status Information Disclosure
7165| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
7166| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
7167| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
7168| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
7169| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
7170| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
7171| [376] Apache Tomcat contextAdmin Arbitrary File Access
7172| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
7173| [222] Apache HTTP Server test-cgi Arbitrary File Access
7174| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
7175| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
7176|_
110/tcp open pop3 Dovecot pop3d
7178| vulscan: VulDB - https://vuldb.com:
7179| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
7180| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
7181| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
7182| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
7183| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
7184| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
7185| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
7186| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
7187| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
7188| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
7189| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
7190| [69835] Dovecot 2.2.0/2.2.1 denial of service
7191| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
7192| [65684] Dovecot up to 2.2.6 unknown vulnerability
7193| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
7194| [63692] Dovecot up to 2.0.15 spoofing
7195| [7062] Dovecot 2.1.10 mail-search.c denial of service
7196| [57517] Dovecot up to 2.0.12 Login directory traversal
7197| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
7198| [57515] Dovecot up to 2.0.12 Crash denial of service
7199| [54944] Dovecot up to 1.2.14 denial of service
7200| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
7201| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
7202| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
7203| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
7204| [53277] Dovecot up to 1.2.10 denial of service
7205| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
7206| [45256] Dovecot up to 1.1.5 directory traversal
7207| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
7208| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
7209| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
7210| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
7211| [40356] Dovecot 1.0.9 Cache unknown vulnerability
7212| [38222] Dovecot 1.0.2 directory traversal
7213| [36376] Dovecot up to 1.0.x directory traversal
7214| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
7215|
7216| MITRE CVE - https://cve.mitre.org:
7217| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
7218| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
7219| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
7220| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
7221| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
7222| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
7223| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
7224| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
7225| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
7226| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
7227| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
7228| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
7229| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
7230| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
7231| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
7232| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
7233| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
7234| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
7235| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
7236| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
7237| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
7238| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
7239| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
7240| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
7241| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
7242| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
7243| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
7244| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
7245| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
7246| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
7247| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
7248| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
7249| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
7250| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
7251| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
7252| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
7253| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
7254|
7255| SecurityFocus - https://www.securityfocus.com/bid/:
7256| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
7257| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
7258| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
7259| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
7260| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
7261| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
7262| [67306] Dovecot Denial of Service Vulnerability
7263| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
7264| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
7265| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
7266| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
7267| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
7268| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
7269| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
7270| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
7271| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
7272| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
7273| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
7274| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
7275| [39838] tpop3d Remote Denial of Service Vulnerability
7276| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
7277| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
7278| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
7279| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
7280| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
7281| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
7282| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
7283| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
7284| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
7285| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
7286| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
7287| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
7288| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
7289| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
7290| [17961] Dovecot Remote Information Disclosure Vulnerability
7291| [16672] Dovecot Double Free Denial of Service Vulnerability
7292| [8495] akpop3d User Name SQL Injection Vulnerability
7293| [8473] Vpop3d Remote Denial Of Service Vulnerability
7294| [3990] ZPop3D Bad Login Logging Failure Vulnerability
7295| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
7296|
7297| IBM X-Force - https://exchange.xforce.ibmcloud.com:
7298| [86382] Dovecot POP3 Service denial of service
7299| [84396] Dovecot IMAP APPEND denial of service
7300| [80453] Dovecot mail-search.c denial of service
7301| [71354] Dovecot SSL Common Name (CN) weak security
7302| [67675] Dovecot script-login security bypass
7303| [67674] Dovecot script-login directory traversal
7304| [67589] Dovecot header name denial of service
7305| [63267] Apple Mac OS X Dovecot information disclosure
7306| [62340] Dovecot mailbox security bypass
7307| [62339] Dovecot IMAP or POP3 denial of service
7308| [62256] Dovecot mailbox security bypass
7309| [62255] Dovecot ACL entry security bypass
7310| [60639] Dovecot ACL plugin weak security
7311| [57267] Apple Mac OS X Dovecot Kerberos security bypass
7312| [56763] Dovecot header denial of service
7313| [54363] Dovecot base_dir privilege escalation
7314| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
7315| [46323] Dovecot dovecot.conf information disclosure
7316| [46227] Dovecot message parsing denial of service
7317| [45669] Dovecot ACL mailbox security bypass
7318| [45667] Dovecot ACL plugin rights security bypass
7319| [41085] Dovecot TAB characters authentication bypass
7320| [41009] Dovecot mail_extra_groups option unauthorized access
7321| [39342] Dovecot LDAP auth cache configuration security bypass
7322| [35767] Dovecot ACL plugin security bypass
7323| [34082] Dovecot mbox-storage.c directory traversal
7324| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
7325| [26578] Cyrus IMAP pop3d buffer overflow
7326| [26536] Dovecot IMAP LIST information disclosure
7327| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
7328| [24709] Dovecot APPEND command denial of service
7329| [13018] akpop3d authentication code SQL injection
7330| [7345] Slackware Linux imapd and ipop3d core dump
7331| [6269] imap, ipop2d and ipop3d buffer overflows
7332| [5923] Linuxconf vpop3d symbolic link
7333| [4918] IPOP3D, Buffer overflow attack
7334| [1560] IPOP3D, user login successful
7335| [1559] IPOP3D user login to remote host successful
7336| [1525] IPOP3D, user logout
7337| [1524] IPOP3D, user auto-logout
7338| [1523] IPOP3D, user login failure
7339| [1522] IPOP3D, brute force attack
7340| [1521] IPOP3D, user kiss of death logout
7341| [418] pop3d mktemp creates insecure temporary files
7342|
7343| Exploit-DB - https://www.exploit-db.com:
7344| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
7345| [23053] Vpop3d Remote Denial of Service Vulnerability
7346| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
7347| [11893] tPop3d 1.5.3 DoS
7348| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
7349| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
7350| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
7351| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
7352|
7353| OpenVAS (Nessus) - http://www.openvas.org:
7354| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
7355| [901025] Dovecot Version Detection
7356| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
7357| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
7358| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
7359| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
7360| [870607] RedHat Update for dovecot RHSA-2011:0600-01
7361| [870471] RedHat Update for dovecot RHSA-2011:1187-01
7362| [870153] RedHat Update for dovecot RHSA-2008:0297-02
7363| [863272] Fedora Update for dovecot FEDORA-2011-7612
7364| [863115] Fedora Update for dovecot FEDORA-2011-7258
7365| [861525] Fedora Update for dovecot FEDORA-2007-664
7366| [861394] Fedora Update for dovecot FEDORA-2007-493
7367| [861333] Fedora Update for dovecot FEDORA-2007-1485
7368| [860845] Fedora Update for dovecot FEDORA-2008-9202
7369| [860663] Fedora Update for dovecot FEDORA-2008-2475
7370| [860169] Fedora Update for dovecot FEDORA-2008-2464
7371| [860089] Fedora Update for dovecot FEDORA-2008-9232
7372| [840950] Ubuntu Update for dovecot USN-1295-1
7373| [840668] Ubuntu Update for dovecot USN-1143-1
7374| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
7375| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
7376| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
7377| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
7378| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
7379| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
7380| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
7381| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
7382| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
7383| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
7384| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
7385| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
7386| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
7387| [70259] FreeBSD Ports: dovecot
7388| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
7389| [66522] FreeBSD Ports: dovecot
7390| [65010] Ubuntu USN-838-1 (dovecot)
7391| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
7392| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
7393| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
7394| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
7395| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
7396| [62854] FreeBSD Ports: dovecot-managesieve
7397| [61916] FreeBSD Ports: dovecot
7398| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
7399| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
7400| [60528] FreeBSD Ports: dovecot
7401| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
7402| [60089] FreeBSD Ports: dovecot
7403| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
7404| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
7405|
7406| SecurityTracker - https://www.securitytracker.com:
7407| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
7408| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
7409| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
7410|
7411| OSVDB - http://www.osvdb.org:
7412| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
7413| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
7414| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
7415| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
7416| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
7417| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
7418| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
7419| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
7420| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
7421| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
7422| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
7423| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
7424| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
7425| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
7426| [66113] Dovecot Mail Root Directory Creation Permission Weakness
7427| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
7428| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
7429| [66110] Dovecot Multiple Unspecified Buffer Overflows
7430| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
7431| [64783] Dovecot E-mail Message Header Unspecified DoS
7432| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
7433| [62796] Dovecot mbox Format Email Header Handling DoS
7434| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
7435| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
7436| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
7437| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
7438| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
7439| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
7440| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
7441| [43137] Dovecot mail_extra_groups Symlink File Manipulation
7442| [42979] Dovecot passdbs Argument Injection Authentication Bypass
7443| [39876] Dovecot LDAP Auth Cache Security Bypass
7444| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
7445| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
7446| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
7447| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
7448| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
7449| [23281] Dovecot imap/pop3-login dovecot-auth DoS
7450| [23280] Dovecot Malformed APPEND Command DoS
7451| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
7452| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
7453| [5857] Linux pop3d Arbitrary Mail File Access
7454| [2471] akpop3d username SQL Injection
7455|_
7456 143/tcp open imap Dovecot imapd
7457| vulscan: VulDB - https://vuldb.com:
7458| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
7459| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
7460| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
7461| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
7462| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
7463| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
7464| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
7465| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
7466| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
7467| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
7468| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
7469| [69835] Dovecot 2.2.0/2.2.1 denial of service
7470| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
7471| [65684] Dovecot up to 2.2.6 unknown vulnerability
7472| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
7473| [63692] Dovecot up to 2.0.15 spoofing
7474| [7062] Dovecot 2.1.10 mail-search.c denial of service
7475| [59792] Cyrus IMAPd 2.4.11 weak authentication
7476| [57517] Dovecot up to 2.0.12 Login directory traversal
7477| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
7478| [57515] Dovecot up to 2.0.12 Crash denial of service
7479| [54944] Dovecot up to 1.2.14 denial of service
7480| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
7481| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
7482| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
7483| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
7484| [53277] Dovecot up to 1.2.10 denial of service
7485| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
7486| [45256] Dovecot up to 1.1.5 directory traversal
7487| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
7488| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
7489| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
7490| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
7491| [40356] Dovecot 1.0.9 Cache unknown vulnerability
7492| [38222] Dovecot 1.0.2 directory traversal
7493| [37927] Ipswitch Ipswitch Collaboration Suite up to 2006.1 IMAP Service imapd32.exe memory corruption
7494| [36376] Dovecot up to 1.0.x directory traversal
7495| [35759] Atrium MERCUR IMAPD IMAP4 mcrimap4.exe memory corruption
7496| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
7497|
7498| MITRE CVE - https://cve.mitre.org:
7499| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
7500| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
7501| [CVE-2011-3481] The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
7502| [CVE-2011-3372] imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
7503| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
7504| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
7505| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
7506| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
7507| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
7508| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
7509| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
7510| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
7511| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
7512| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
7513| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
7514| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
7515| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
7516| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
7517| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
7518| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
7519| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
7520| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
7521| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
7522| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
7523| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
7524| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
7525| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
7526| [CVE-2007-5740] The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
7527| [CVE-2007-5018] Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.
7528| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
7529| [CVE-2007-3925] Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
7530| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
7531| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
7532| [CVE-2007-1579] Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.
7533| [CVE-2007-1578] Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.
7534| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
7535| [CVE-2006-6762] The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.
7536| [CVE-2006-6761] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.
7537| [CVE-2006-6425] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
7538| [CVE-2006-6424] Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow
7539| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
7540| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
7541| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
7542| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
7543| [CVE-2005-2278] Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
7544| [CVE-2005-1256] Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
7545| [CVE-2005-1249] The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.
7546| [CVE-2005-1015] Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.
7547| [CVE-2005-0546] Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
7548| [CVE-2003-1322] Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
7549| [CVE-2002-1782] The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.
7550| [CVE-2002-1604] Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
7551| [CVE-2002-0997] Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
7552| [CVE-2002-0379] Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
7553| [CVE-2001-0691] Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.
7554| [CVE-2000-0284] Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
7555| [CVE-1999-1557] Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
7556| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
7557| [CVE-1999-1224] IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
7558|
7559| SecurityFocus - https://www.securityfocus.com/bid/:
7560| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
7561| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
7562| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
7563| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
7564| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
7565| [84478] imapd CVE-1999-1224 Denial-Of-Service Vulnerability
7566| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
7567| [67306] Dovecot Denial of Service Vulnerability
7568| [65650] Eudora WorldMail imapd 'UID' Command Buffer Overflow Vulnerability
7569| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
7570| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
7571| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
7572| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
7573| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
7574| [51403] Eudora WorldMail imapd 'LIST' Command Buffer Overflow Vulnerability
7575| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
7576| [49949] Cyrus IMAPd NTTP Logic Error Authentication Bypass Vulnerability
7577| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
7578| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
7579| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
7580| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
7581| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
7582| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
7583| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
7584| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
7585| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
7586| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
7587| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
7588| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
7589| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
7590| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
7591| [26270] Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
7592| [25733] Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
7593| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
7594| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
7595| [23058] Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
7596| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
7597| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
7598| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
7599| [17961] Dovecot Remote Information Disclosure Vulnerability
7600| [16672] Dovecot Double Free Denial of Service Vulnerability
7601| [15980] Qualcomm WorldMail IMAPD Buffer Overflow Vulnerability
7602| [15753] Ipswitch Collaboration Suite and IMail Server IMAPD LIST Command Denial Of Service Vulnerability
7603| [12636] Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities
7604| [11738] Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities
7605| [11729] Cyrus IMAPD Multiple Remote Vulnerabilities
7606| [6298] Cyrus IMAPD Pre-Login Heap Corruption Vulnerability
7607| [4713] Wu-imapd Partial Mailbox Attribute Remote Buffer Overflow Vulnerability
7608| [2856] Imapd 'Local' Buffer Overflow Vulnerabilities
7609| [1110] Univ. Of Washington imapd Buffer Overflow Vulnerabilities
7610| [502] NT IMail Imapd Buffer Overflow DoS Vulnerability
7611| [130] imapd Buffer Overflow Vulnerability
7612|
7613| IBM X-Force - https://exchange.xforce.ibmcloud.com:
7614| [86382] Dovecot POP3 Service denial of service
7615| [84396] Dovecot IMAP APPEND denial of service
7616| [80453] Dovecot mail-search.c denial of service
7617| [71354] Dovecot SSL Common Name (CN) weak security
7618| [70325] Cyrus IMAPd NNTP security bypass
7619| [67675] Dovecot script-login security bypass
7620| [67674] Dovecot script-login directory traversal
7621| [67589] Dovecot header name denial of service
7622| [63267] Apple Mac OS X Dovecot information disclosure
7623| [62340] Dovecot mailbox security bypass
7624| [62339] Dovecot IMAP or POP3 denial of service
7625| [62256] Dovecot mailbox security bypass
7626| [62255] Dovecot ACL entry security bypass
7627| [60639] Dovecot ACL plugin weak security
7628| [57267] Apple Mac OS X Dovecot Kerberos security bypass
7629| [56763] Dovecot header denial of service
7630| [54363] Dovecot base_dir privilege escalation
7631| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
7632| [47526] UW-imapd rfc822_output_char() denial of service
7633| [46323] Dovecot dovecot.conf information disclosure
7634| [46227] Dovecot message parsing denial of service
7635| [45669] Dovecot ACL mailbox security bypass
7636| [45667] Dovecot ACL plugin rights security bypass
7637| [41085] Dovecot TAB characters authentication bypass
7638| [41009] Dovecot mail_extra_groups option unauthorized access
7639| [39342] Dovecot LDAP auth cache configuration security bypass
7640| [35767] Dovecot ACL plugin security bypass
7641| [34082] Dovecot mbox-storage.c directory traversal
7642| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
7643| [26536] Dovecot IMAP LIST information disclosure
7644| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
7645| [24709] Dovecot APPEND command denial of service
7646| [22629] RHSA-2005:408 updates for cyrus-imapd not installed
7647| [19460] Cyrus IMAP imapd buffer overflow
7648| [19455] Cyrus IMAP imapd extension off-by-one buffer overflow
7649| [18492] Novell NetMail IMAPD 101_mEna buffer overflow
7650| [10803] UW IMAP (wu-imapd) authenticated user buffer overflow
7651| [9238] UW IMAP (wu-imapd) could allow a remote attacker to access arbitrary files
7652| [9055] UW IMAP (wu-imapd) partial mailbox attributes to request buffer overflow
7653| [7345] Slackware Linux imapd and ipop3d core dump
7654| [573] Imapd denial of service
7655|
7656| Exploit-DB - https://www.exploit-db.com:
7657| [30724] Perdition 1.17 IMAPD __STR_VWRITE Remote Format String Vulnerability
7658| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
7659| [22061] Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 Pre-Login Heap Corruption Vulnerability
7660| [21443] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (2)
7661| [21442] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (1)
7662| [19849] UoW imapd 10.234/12.264 COPY Buffer Overflow (meta)
7663| [19848] UoW imapd 10.234/12.264 LSUB Buffer Overflow (meta)
7664| [19847] UoW imapd 10.234/12.264 Buffer Overflow Vulnerabilities
7665| [19377] Ipswitch IMail 5.0 Imapd Buffer Overflow DoS Vulnerability
7666| [19107] Netscape Messaging Server 3.55,University of Washington imapd 10.234 Buffer Overflow Vulnerability
7667| [18354] WorldMail imapd 3.0 SEH overflow (egg hunter)
7668| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
7669| [16485] MailEnable IMAPD 1.54 - STATUS Request Buffer Overflow
7670| [16482] MDaemon 9.6.4 IMAPD FETCH Buffer Overflow
7671| [16480] MailEnable IMAPD W3C Logging Buffer Overflow
7672| [16477] Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow
7673| [16475] MailEnable IMAPD (2.35) Login Request Buffer Overflow
7674| [16474] Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow
7675| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
7676| [4429] Mercury/32 4.52 IMAPD SEARCH command Post-Auth Overflow Exploit
7677| [3627] IPSwitch IMail Server <= 8.20 IMAPD Remote Buffer Overflow Exploit
7678| [3527] Mercur IMAPD 5.00.14 Remote Denial of Service Exploit (win32)
7679| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
7680| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
7681| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
7682| [1380] Eudora Qualcomm WorldMail 3.0 (IMAPd) Remote Overflow Exploit
7683| [1332] MailEnable 1.54 Pro Universal IMAPD W3C Logging BoF Exploit
7684| [1327] FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC
7685| [1151] MDaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow Exploit
7686| [1124] IPSwitch IMail Server <= 8.15 IMAPD Remote Root Exploit
7687| [915] MailEnable Enterprise 1.x Imapd Remote Exploit
7688| [903] Cyrus imapd 2.2.4 - 2.2.8 (imapmagicplus) Remote Exploit
7689| [340] Linux imapd Remote Overflow File Retrieve Exploit
7690|
7691| OpenVAS (Nessus) - http://www.openvas.org:
7692| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
7693| [901025] Dovecot Version Detection
7694| [881425] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 x86_64
7695| [881403] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 x86_64
7696| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
7697| [881397] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 x86_64
7698| [881370] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 x86_64
7699| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
7700| [881318] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 x86_64
7701| [881255] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 x86_64
7702| [881050] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 i386
7703| [881049] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 i386
7704| [881007] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 i386
7705| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
7706| [880978] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 i386
7707| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
7708| [880958] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 i386
7709| [880905] CentOS Update for cyrus-imapd CESA-2009:1459 centos4 i386
7710| [880864] CentOS Update for cyrus-imapd CESA-2009:1459 centos5 i386
7711| [880826] CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386
7712| [880536] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 i386
7713| [870607] RedHat Update for dovecot RHSA-2011:0600-01
7714| [870520] RedHat Update for cyrus-imapd RHSA-2011:1508-01
7715| [870489] RedHat Update for cyrus-imapd RHSA-2011:1317-01
7716| [870471] RedHat Update for dovecot RHSA-2011:1187-01
7717| [870443] RedHat Update for cyrus-imapd RHSA-2011:0859-01
7718| [870153] RedHat Update for dovecot RHSA-2008:0297-02
7719| [864075] Fedora Update for cyrus-imapd FEDORA-2011-13832
7720| [863585] Fedora Update for cyrus-imapd FEDORA-2011-13869
7721| [863579] Fedora Update for cyrus-imapd FEDORA-2011-13860
7722| [863281] Fedora Update for cyrus-imapd FEDORA-2011-7193
7723| [863273] Fedora Update for cyrus-imapd FEDORA-2011-7217
7724| [863272] Fedora Update for dovecot FEDORA-2011-7612
7725| [863115] Fedora Update for dovecot FEDORA-2011-7258
7726| [861525] Fedora Update for dovecot FEDORA-2007-664
7727| [861394] Fedora Update for dovecot FEDORA-2007-493
7728| [861333] Fedora Update for dovecot FEDORA-2007-1485
7729| [860845] Fedora Update for dovecot FEDORA-2008-9202
7730| [860663] Fedora Update for dovecot FEDORA-2008-2475
7731| [860169] Fedora Update for dovecot FEDORA-2008-2464
7732| [860089] Fedora Update for dovecot FEDORA-2008-9232
7733| [840950] Ubuntu Update for dovecot USN-1295-1
7734| [840668] Ubuntu Update for dovecot USN-1143-1
7735| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
7736| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
7737| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
7738| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
7739| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
7740| [831590] Mandriva Update for cyrus-imapd MDVSA-2012:037 (cyrus-imapd)
7741| [831468] Mandriva Update for cyrus-imapd MDVSA-2011:149 (cyrus-imapd)
7742| [831410] Mandriva Update for cyrus-imapd MDVSA-2011:100 (cyrus-imapd)
7743| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
7744| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
7745| [831207] Mandriva Update for cyrus-imapd MDVA-2010:208 (cyrus-imapd)
7746| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
7747| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
7748| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
7749| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
7750| [800149] UW-imapd tmail and dmail BOF Vulnerabilities (Linux)
7751| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
7752| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
7753| [70696] Debian Security Advisory DSA 2377-1 (cyrus-imapd-2.2)
7754| [70407] Debian Security Advisory DSA 2318-1 (cyrus-imapd-2.2)
7755| [70259] FreeBSD Ports: dovecot
7756| [69965] Debian Security Advisory DSA 2258-1 (kolab-cyrus-imapd)
7757| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
7758| [69740] Debian Security Advisory DSA 2242-1 (cyrus-imapd-2.2)
7759| [66522] FreeBSD Ports: dovecot
7760| [66416] Mandriva Security Advisory MDVSA-2009:229-1 (cyrus-imapd)
7761| [66233] SLES10: Security update for Cyrus IMAPD
7762| [66226] SLES11: Security update for Cyrus IMAPD
7763| [66222] SLES9: Security update for Cyrus IMAPD
7764| [65938] SLES10: Security update for Cyrus IMAPD
7765| [65723] SLES11: Security update for Cyrus IMAPD
7766| [65523] SLES9: Security update for Cyrus IMAPD
7767| [65479] SLES9: Security update for cyrus-imapd
7768| [65094] SLES9: Security update for cyrus-imapd
7769| [65010] Ubuntu USN-838-1 (dovecot)
7770| [64989] CentOS Security Advisory CESA-2009:1459 (cyrus-imapd)
7771| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
7772| [64977] Debian Security Advisory DSA 1893-1 (cyrus-imapd-2.2 kolab-cyrus-imapd)
7773| [64965] Fedora Core 11 FEDORA-2009-9901 (cyrus-imapd)
7774| [64963] Fedora Core 10 FEDORA-2009-9869 (cyrus-imapd)
7775| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
7776| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
7777| [64898] FreeBSD Ports: cyrus-imapd
7778| [64864] Debian Security Advisory DSA 1881-1 (cyrus-imapd-2.2)
7779| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
7780| [64847] Fedora Core 10 FEDORA-2009-9428 (cyrus-imapd)
7781| [64846] Fedora Core 11 FEDORA-2009-9417 (cyrus-imapd)
7782| [64838] Mandrake Security Advisory MDVSA-2009:229 (cyrus-imapd)
7783| [64271] CentOS Security Advisory CESA-2009:1116 (cyrus-imapd)
7784| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
7785| [62854] FreeBSD Ports: dovecot-managesieve
7786| [61916] FreeBSD Ports: dovecot
7787| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
7788| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
7789| [60528] FreeBSD Ports: dovecot
7790| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
7791| [60089] FreeBSD Ports: dovecot
7792| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
7793| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
7794| [55807] Slackware Advisory SSA:2005-310-06 imapd
7795| [54861] Gentoo Security Advisory GLSA 200502-29 (cyrus-imapd)
7796| [54755] Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd)
7797| [53739] Debian Security Advisory DSA 215-1 (cyrus-imapd)
7798| [53288] Debian Security Advisory DSA 597-1 (cyrus-imapd)
7799| [52297] FreeBSD Ports: cyrus-imapd
7800| [52296] FreeBSD Ports: cyrus-imapd
7801| [52295] FreeBSD Ports: cyrus-imapd
7802| [52294] FreeBSD Ports: cyrus-imapd
7803| [52172] FreeBSD Ports: cyrus-imapd
7804|
7805| SecurityTracker - https://www.securitytracker.com:
7806| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
7807| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
7808| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
7809| [1013278] Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code
7810|
7811| OSVDB - http://www.osvdb.org:
7812| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
7813| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
7814| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
7815| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
7816| [78304] Eudora WorldMail imapd SEH LIST Command Parsing Remote Overflow
7817| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
7818| [75445] Cyrus IMAP Server imapd index.c index_get_ids Function References Header NULL Dereference Remote DoS
7819| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
7820| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
7821| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
7822| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
7823| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
7824| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
7825| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
7826| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
7827| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
7828| [66113] Dovecot Mail Root Directory Creation Permission Weakness
7829| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
7830| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
7831| [66110] Dovecot Multiple Unspecified Buffer Overflows
7832| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
7833| [64783] Dovecot E-mail Message Header Unspecified DoS
7834| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
7835| [62796] Dovecot mbox Format Email Header Handling DoS
7836| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
7837| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
7838| [57843] Cyrus IMAP Server (cyrus-imapd) SIEVE Script Component (sieve/script.c) Crafted Script Handling Overflow
7839| [57681] UoW imap Server (uw-imapd) Arbitrary Remote File Access
7840| [52906] UW-imapd c-client Initial Request Remote Format String
7841| [52905] UW-imapd c-client Library RFC822BUFFER Routines rfc822_output_char Function Off-by-one
7842| [52456] UW-imapd on Debian Linux LOGIN Command Remote DoS
7843| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
7844| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
7845| [49485] UW-imapd dmail Utility Mailbox Name Handling Overflow
7846| [49484] UW-imapd tmail Utility Mailbox Name Handling Overflow
7847| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
7848| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
7849| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
7850| [43137] Dovecot mail_extra_groups Symlink File Manipulation
7851| [42979] Dovecot passdbs Argument Injection Authentication Bypass
7852| [42004] Perdition Mail Retrieval Proxy IMAPD IMAP Tag Remote Format String Arbitrary Code Execution
7853| [39876] Dovecot LDAP Auth Cache Security Bypass
7854| [39670] Mercury Mail Transport System IMAPD SEARCH Command Remote Overflow
7855| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
7856| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
7857| [31362] Novell NetMail IMAP Daemon (IMAPD) APPEND Command Remote Overflow
7858| [31361] Novell NetMail IMAP Daemon (IMAPD) APPEND Command DoS
7859| [31360] Novell NetMail IMAP Daemon (IMAPD) SUBSCRIBE Command Remote Overflow
7860| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
7861| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
7862| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
7863| [23281] Dovecot imap/pop3-login dovecot-auth DoS
7864| [23280] Dovecot Malformed APPEND Command DoS
7865| [18179] HP Tru64 UNIX imapd NLSPATH Environment Variable Local Overflow
7866| [13242] UW-imapd CRAM-MD5 Authentication Bypass
7867| [12385] Novell NetMail IMAPD 101_mEna Script Remote Overflow
7868| [12042] UoW imapd Multiple Unspecified Overflows
7869| [12037] UoW imapd (UW-IMAP) Multiple Command Remote Overflows
7870| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
7871| [911] UoW imapd AUTHENTICATE Command Remote Overflow
7872| [790] UoW imap Server (uw-imapd) BODY Request Remote Overflow
7873| [519] UoW imapd SIGABRT Signal Forced Crash Information Disclosure
7874|_
443/tcp open ssl/http Apache httpd
7876|_http-server-header: Apache
7877| vulscan: VulDB - https://vuldb.com:
7878| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
7879| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
7880| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
7881| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
7882| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
7883| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
7884| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
7885| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
7886| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
7887| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
7888| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
7889| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
7890| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
7891| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
7892| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
7893| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
7894| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
7895| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
7896| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
7897| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
7898| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
7899| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
7900| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
7901| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
7902| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
7903| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
7904| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
7905| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
7906| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
7907| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
7908| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
7909| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
7910| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
7911| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
7912| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
7913| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
7914| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
7915| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
7916| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
7917| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
7918| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
7919| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
7920| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
7921| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
7922| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
7923| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
7924| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
7925| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
7926| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
7927| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
7928| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
7929| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
7930| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
7931| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
7932| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
7933| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
7934| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
7935| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
7936| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
7937| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
7938| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
7939| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
7940| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
7941| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
7942| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
7943| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
7944| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
7945| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
7946| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
7947| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
7948| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
7949| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
7950| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
7951| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
7952| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
7953| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
7954| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
7955| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
7956| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
7957| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
7958| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
7959| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
7960| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
7961| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
7962| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
7963| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
7964| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
7965| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
7966| [136370] Apache Fineract up to 1.2.x sql injection
7967| [136369] Apache Fineract up to 1.2.x sql injection
7968| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
7969| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
7970| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
7971| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
7972| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
7973| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
7974| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
7975| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
7976| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
7977| [134416] Apache Sanselan 0.97-incubator Loop denial of service
7978| [134415] Apache Sanselan 0.97-incubator Hang denial of service
7979| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
7980| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
7981| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
7982| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
7983| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
7984| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
7985| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
7986| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
7987| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
7988| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
7989| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
7990| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
7991| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
7992| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
7993| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
7994| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
7995| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
7996| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
7997| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
7998| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
7999| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
8000| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
8001| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
8002| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
8003| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
8004| [131859] Apache Hadoop up to 2.9.1 privilege escalation
8005| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
8006| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
8007| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
8008| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
8009| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
8010| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
8011| [130629] Apache Guacamole Cookie Flag weak encryption
8012| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
8013| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
8014| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
8015| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
8016| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
8017| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
8018| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
8019| [130123] Apache Airflow up to 1.8.2 information disclosure
8020| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
8021| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
8022| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
8023| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
8024| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
8025| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
8026| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
8027| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
8028| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
8029| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
8030| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
8031| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
8032| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
8033| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
8034| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
8035| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
8036| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
8037| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
8038| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
8039| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
8040| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
8041| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
8042| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
8043| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
8044| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
8045| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
8046| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
8047| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
8048| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
8049| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
8050| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
8051| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
8052| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
8053| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
8054| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
8055| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
8056| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
8057| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
8058| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
8059| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
8060| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
8061| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
8062| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
8063| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
8064| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
8065| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
8066| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
8067| [127007] Apache Spark Request Code Execution
8068| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
8069| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
8070| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
8071| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
8072| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
8073| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
8074| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
8075| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
8076| [126346] Apache Tomcat Path privilege escalation
8077| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
8078| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
8079| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
8080| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
8081| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
8082| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
8083| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
8084| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
8085| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
8086| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
8087| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
8088| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
8089| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
8090| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
8091| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
8092| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
8093| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
8094| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
8095| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
8096| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
8097| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
8098| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
8099| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
8100| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
8101| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
8102| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
8103| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
8104| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
8105| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
8106| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
8107| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
8108| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
8109| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
8110| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
8111| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
8112| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
8113| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
8114| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
8115| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
8116| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
8117| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
8118| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
8119| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
8120| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
8121| [123197] Apache Sentry up to 2.0.0 privilege escalation
8122| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
8123| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
8124| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
8125| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
8126| [122800] Apache Spark 1.3.0 REST API weak authentication
8127| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
8128| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
8129| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
8130| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
8131| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
8132| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
8133| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
8134| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
8135| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
8136| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
8137| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
8138| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
8139| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
8140| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
8141| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
8142| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
8143| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
8144| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
8145| [121354] Apache CouchDB HTTP API Code Execution
8146| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
8147| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
8148| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
8149| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
8150| [120168] Apache CXF weak authentication
8151| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
8152| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
8153| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
8154| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
8155| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
8156| [119306] Apache MXNet Network Interface privilege escalation
8157| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
8158| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
8159| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
8160| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
8161| [118143] Apache NiFi activemq-client Library Deserialization denial of service
8162| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
8163| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
8164| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
8165| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
8166| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
8167| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
8168| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
8169| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
8170| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
8171| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
8172| [117115] Apache Tika up to 1.17 tika-server command injection
8173| [116929] Apache Fineract getReportType Parameter privilege escalation
8174| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
8175| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
8176| [116926] Apache Fineract REST Parameter privilege escalation
8177| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
8178| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
8179| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
8180| [115883] Apache Hive up to 2.3.2 privilege escalation
8181| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
8182| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
8183| [115518] Apache Ignite 2.3 Deserialization privilege escalation
8184| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
8185| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
8186| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
8187| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
8188| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
8189| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
8190| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
8191| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
8192| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
8193| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
8194| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
8195| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
8196| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
8197| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
8198| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
8199| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
8200| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
8201| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
8202| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
8203| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
8204| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
8205| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
8206| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
8207| [113895] Apache Geode up to 1.3.x Code Execution
8208| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
8209| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
8210| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
8211| [113747] Apache Tomcat Servlets privilege escalation
8212| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
8213| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
8214| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
8215| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
8216| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
8217| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
8218| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
8219| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
8220| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
8221| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
8222| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
8223| [112885] Apache Allura up to 1.8.0 File information disclosure
8224| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
8225| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
8226| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
8227| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
8228| [112625] Apache POI up to 3.16 Loop denial of service
8229| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
8230| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
8231| [112339] Apache NiFi 1.5.0 Header privilege escalation
8232| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
8233| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
8234| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
8235| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
8236| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
8237| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
8238| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
8239| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
8240| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
8241| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
8242| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
8243| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
8244| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
8245| [112114] Oracle 9.1 Apache Log4j privilege escalation
8246| [112113] Oracle 9.1 Apache Log4j privilege escalation
8247| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
8248| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
8249| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
8250| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
8251| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
8252| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
8253| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
8254| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
8255| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
8256| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
8257| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
8258| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
8259| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
8260| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
8261| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
8262| [110701] Apache Fineract Query Parameter sql injection
8263| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
8264| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
8265| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
8266| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
8267| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
8268| [110106] Apache CXF Fediz Spring cross site request forgery
8269| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
8270| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
8271| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
8272| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
8273| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
8274| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
8275| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
8276| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
8277| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
8278| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
8279| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
8280| [108938] Apple macOS up to 10.13.1 apache denial of service
8281| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
8282| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
8283| [108935] Apple macOS up to 10.13.1 apache denial of service
8284| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
8285| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
8286| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
8287| [108931] Apple macOS up to 10.13.1 apache denial of service
8288| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
8289| [108929] Apple macOS up to 10.13.1 apache denial of service
8290| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
8291| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
8292| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
8293| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
8294| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
8295| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
8296| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
8297| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
8298| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
8299| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
8300| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
8301| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
8302| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
8303| [108782] Apache Xerces2 XML Service denial of service
8304| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
8305| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
8306| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
8307| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
8308| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
8309| [108629] Apache OFBiz up to 10.04.01 privilege escalation
8310| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
8311| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
8312| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
8313| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
8314| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
8315| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
8316| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
8317| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
8318| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
8319| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
8320| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
8321| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
8322| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
8323| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
8324| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
8325| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
8326| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
8327| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
8328| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
8744| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
8745| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
8746| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
8747| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
8748| [74793] Apache Tomcat File Upload denial of service
8749| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored privilege escalation
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
9158| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
9159| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
9160| [38524] Apache Geronimo 2.0 unknown vulnerability
9161| [3256] Apache Tomcat up to 6.0.13 cross site scripting
9162| [38331] Apache Tomcat 4.1.24 information disclosure
9163| [38330] Apache Tomcat 4.1.24 information disclosure
9164| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
9165| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
9166| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
9167| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
9168| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
9169| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
9170| [37292] Apache Tomcat up to 5.5.1 cross site scripting
9171| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
9172| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
9173| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
9174| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
9175| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
9176| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
9177| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
9178| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
9179| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
9180| [36225] XAMPP Apache Distribution 1.6.0a sql injection
9181| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
9182| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
9183| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
9184| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
9185| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
9186| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
9187| [34252] Apache HTTP Server denial of service
9188| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
9189| [33877] Apache Opentaps 0.9.3 cross site scripting
9190| [33876] Apache Open For Business Project unknown vulnerability
9191| [33875] Apache Open For Business Project cross site scripting
9192| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
9193| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
9194|
9195| MITRE CVE - https://cve.mitre.org:
9196| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
9197| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
9198| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
9199| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
9200| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
9201| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
9202| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
9203| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
9204| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
9205| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
9206| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
9207| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
9208| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
9209| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
9210| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
9211| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
9212| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
9213| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
9214| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
9215| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
9216| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
9217| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
9218| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
9219| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
9220| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
9221| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
9222| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
9223| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
9224| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
9225| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
9226| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9227| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
9228| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
9229| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
9230| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
9231| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
9232| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
9233| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
9234| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
9235| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
9236| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
9237| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9238| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9239| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9240| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9241| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
9242| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
9243| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
9244| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
9245| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
9246| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
9247| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
9248| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
9249| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
9250| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
9251| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
9252| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
9253| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
9254| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
9255| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
9256| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
9257| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
9258| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
9259| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
9260| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9261| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
9262| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
9263| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
9264| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
9265| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
9266| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
9267| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
9268| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
9269| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
9270| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
9271| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
9272| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
9273| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
9274| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
9275| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
9276| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
9277| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
9278| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
9279| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
9280| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
9281| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
9282| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
9391| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
9392| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
9393| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
9394| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
9395| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
9396| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
9397| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
9398| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
9399| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
9400| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
9401| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
9402| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
9403| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
9404| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
9405| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
9406| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
9407| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
9408| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
9409| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
9410| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
9411| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
9412| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
9413| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
9414| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
9415| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
9416| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9417| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
9418| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
9419| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
9420| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
9421| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
9422| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
9423| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
9424| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
9425| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
9426| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
9427| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
9428| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
9429| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
9430| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
9431| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
9432| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
9433| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
9434| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
9435| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
9436| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
9437| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
9438| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
9439| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
9440| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
9441| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
9442| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
9443| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
9444| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
9445| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
9446| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
9447| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
9448| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
9449| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
9450| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
9451| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
9452| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
9453| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
9454| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
9455| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
9456| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
9457| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
9458| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
9459| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
9460| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
9461| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
9462| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
9463| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
9464| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
9465| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
9466| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
9467| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
9468| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
9469| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
9470| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
9471| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
9472| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
9473| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
9474| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
9475| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
9476| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
9477| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
9478| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
9479| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
9480| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
9481| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
9482| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
9483| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
9484| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
9485| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
9486| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
9487| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
9488| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
9489| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
9490| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
9491| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
9492| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
9493| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
9494| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
9495| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
9496| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
9497| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
9498| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
9499| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
9500| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
9501| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9502| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
9503| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
9504| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
9505| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
9506| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
9507| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
9508| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
9509| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
9510| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
9511| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
9512| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
9513| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
9514| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
9515| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9516| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
9517| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
9518| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
9519| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
9520| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
9521| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
9522| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
9523| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
9524| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
9525| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
9526| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
9527| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
9528| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
9529| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
9530| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
9531| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
9532| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
9533| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
9534| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
9535| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
9536| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
9537| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
9538| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
9539| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
9540| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
9541| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
9542| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
9543| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
9544| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
9545| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
9546| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
9547| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
9548| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9549| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
9550| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
9551| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
9552| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
9553| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
9554| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
9555| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
9556| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
9557| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
9558| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
9559| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
9560| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
9561| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
9562| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
9673| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
9674| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
9675| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
9676| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
9677| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
9678| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
9799| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
9800| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
9801| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
9802| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
9803| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
9804| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
9805|
9806| SecurityFocus - https://www.securityfocus.com/bid/:
9807| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
9808| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
9809| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
9810| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
9811| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
9812| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
9813| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
9814| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
9815| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
9816| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
9817| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
9818| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
9819| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
9820| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
9821| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
9822| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
9823| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
9824| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
9825| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
9826| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
9827| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
9828| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
9829| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
9830| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
9831| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
9832| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
9833| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
9834| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
9835| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
9836| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
9837| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
9838| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
9839| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
9840| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
9841| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
9842| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
9843| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
9844| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
9845| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
9846| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
9847| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
9848| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
9849| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
9850| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
9851| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
9852| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
9853| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
9854| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
9855| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
9856| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
9857| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
9858| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
9859| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
9860| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
9861| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
9862| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
9863| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
9864| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
9865| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
9866| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
9867| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
9868| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
9869| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
9870| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
9871| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
9872| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
9873| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
9874| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
9875| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
9876| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
9877| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
9878| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
9879| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
9880| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
9881| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
9882| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
9883| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
9884| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
9885| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
9886| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
9887| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
9888| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
9889| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
9890| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
9891| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
9892| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
9893| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
9894| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
9895| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
9896| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
9897| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
9898| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
9899| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
9900| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
9901| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
9902| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
9903| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
9904| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
9905| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
9906| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
9907| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
9908| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
9909| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
9910| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
9911| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
9912| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
9913| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
9914| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
9915| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
9916| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
9917| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
9918| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
9919| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
9920| [100447] Apache2Triad Multiple Security Vulnerabilities
9921| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
9922| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
9923| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
9924| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
9925| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
9926| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
9927| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
9928| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
9929| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
9930| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
9931| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
9932| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
9933| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
9934| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
9935| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
9936| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
9937| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
9938| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
9939| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
9940| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
9941| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
9942| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
9943| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
9944| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
9945| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
9946| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
9947| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
9948| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
9949| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
9950| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
9951| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
9952| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
9953| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
9954| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
9955| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
9956| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
9957| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
9958| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
9959| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
9960| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
9961| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
9962| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
9963| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
9964| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
9965| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
9966| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
9967| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
9968| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
9969| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
9970| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
9971| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
9972| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
9973| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
9974| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
9975| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
9976| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
9977| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
9978| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
9979| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
9980| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
9981| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
9982| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
9983| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
9984| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
9985| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
9986| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
9987| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
9988| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
9989| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
9990| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
9991| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
9992| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
9993| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
9994| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
9995| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
9996| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
9997| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
9998| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
9999| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
10000| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
10001| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
10002| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
10003| [95675] Apache Struts Remote Code Execution Vulnerability
10004| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
10005| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
10006| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
10007| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
10008| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
10009| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
10010| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
10011| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
10012| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
10013| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
10014| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
10015| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
10016| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
10017| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
10018| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
10019| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
10020| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
10021| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
10022| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
10023| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
10024| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
10025| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
10026| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
10027| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
10028| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
10029| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
10030| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
10031| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
10032| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
10033| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
10034| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
10035| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
10036| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
10037| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
10038| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
10039| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
10040| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
10041| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
10042| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
10043| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
10044| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
10045| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
10046| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
10047| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
10048| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
10049| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
10050| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
10051| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
10052| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
10053| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
10054| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
10055| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
10056| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
10057| [91736] Apache XML-RPC Multiple Security Vulnerabilities
10058| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
10059| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
10060| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
10061| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
10062| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
10063| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
10064| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
10065| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
10066| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
10067| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
10068| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
10069| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
10070| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
10071| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
10072| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
10073| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
10074| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
10075| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
10076| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
10077| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
10078| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
10079| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
10080| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
10081| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
10082| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
10083| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
10084| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
10085| [90482] Apache CVE-2004-1387 Local Security Vulnerability
10086| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
10087| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
10088| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
10089| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
10090| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
10091| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
10092| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
10093| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
10094| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
10095| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
10096| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
10097| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
10098| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
10099| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
10100| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
10101| [86399] Apache CVE-2007-1743 Local Security Vulnerability
10102| [86397] Apache CVE-2007-1742 Local Security Vulnerability
10103| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
10104| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
10105| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
10106| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
10107| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
10108| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
10109| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
10110| [85755] Apache Jetspeed CVE-2016-0711 Multiple HTML Injection Vulnerabilities
10111| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
10112| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
10113| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
10114| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
10115| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
10116| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
10117| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
10118| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
10119| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
10120| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
10121| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
10122| [85203] Apache Solr CVE-2015-8795 Multiple HTML Injection Vulnerabilities
10123| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
10124| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
10125| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
10126| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
10127| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
10128| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
10129| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
10130| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
10131| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
10132| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
10133| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
10134| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
10135| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
10136| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
10137| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
10138| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
10139| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
10140| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
10141| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
10142| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
10143| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
10144| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
10145| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
10566| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
10567| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
10568| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
10569| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
10570| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
10571| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
10572| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
10573| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
10574| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
10575| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
10576| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
10577| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
10578| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
10579| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
10580| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
10581| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
10582| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
10583| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
10584| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
10585| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
10586| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
10587| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
10588| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
10589| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
10590| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
10591| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
10592| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
10593| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
10594| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
10595| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
10596| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
10597| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
10598| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
11022| [59413] Apache mod_proxy_http timeout information disclosure
11023| [59058] Apache MyFaces unencrypted view state cross-site scripting
11024| [58827] Apache Axis2 xsd file include
11025| [58790] Apache Axis2 modules cross-site scripting
11026| [58299] Apache ActiveMQ queueBrowse cross-site scripting
11027| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
11028| [58056] Apache ActiveMQ .jsp source code disclosure
11029| [58055] Apache Tomcat realm name information disclosure
11030| [58046] Apache HTTP Server mod_auth_shadow security bypass
11031| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
11032| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
11033| [57429] Apache CouchDB algorithms information disclosure
11034| [57398] Apache ActiveMQ Web console cross-site request forgery
11035| [57397] Apache ActiveMQ createDestination.action cross-site scripting
11036| [56653] Apache HTTP Server DNS spoofing
11037| [56652] Apache HTTP Server DNS cross-site scripting
11038| [56625] Apache HTTP Server request header information disclosure
11039| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
11040| [56623] Apache HTTP Server mod_proxy_ajp denial of service
11041| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
11042| [55857] Apache Tomcat WAR files directory traversal
11043| [55856] Apache Tomcat autoDeploy attribute security bypass
11044| [55855] Apache Tomcat WAR directory traversal
11045| [55210] Intuit component for Joomla! Apache information disclosure
11046| [54533] Apache Tomcat 404 error page cross-site scripting
11047| [54182] Apache Tomcat admin default password
11048| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
11049| [53666] Apache HTTP Server Solaris pollset support denial of service
11050| [53650] Apache HTTP Server HTTP basic-auth module security bypass
11051| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
11052| [53041] mod_proxy_ftp module for Apache denial of service
11053| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
11054| [51953] Apache Tomcat Path Disclosure
11055| [51952] Apache Tomcat Path Traversal
11056| [51951] Apache stronghold-status Information Disclosure
11057| [51950] Apache stronghold-info Information Disclosure
11058| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
11470| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
11471| [20558] Apache 1.2 Web Server DoS Vulnerability
11472| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
11473| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
11474| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
11475| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
11476| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
11477| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
11478| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
11479| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
11480| [19231] PHP apache_request_headers Function Buffer Overflow
11481| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
11482| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
11483| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
11484| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
11485| [18442] Apache httpOnly Cookie Disclosure
11486| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
11487| [18221] Apache HTTP Server Denial of Service
11488| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
11489| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
11490| [17691] Apache Struts < 2.2.0 - Remote Command Execution
11491| [16798] Apache mod_jk 1.2.20 Buffer Overflow
11492| [16782] Apache Win32 Chunked Encoding
11493| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
11494| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
11495| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
11496| [15319] Apache 2.2 (Windows) Local Denial of Service
11497| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
11498| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
11499| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
11500| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
11501| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
11502| [12330] Apache OFBiz - Multiple XSS
11503| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
11504| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
11505| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
11506| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
11507| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
11508| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
11509| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
11510| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
11511| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
11512| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
11513| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
11514| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
11515| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
11516| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
11517| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
11518| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
11519| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
11520| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
11521| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
11522| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
11523| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
11524| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
11525| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
11526| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
11527| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
11528| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
11529| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
11530| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
11531| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
11532| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
11533| [466] htpasswd Apache 1.3.31 - Local Exploit
11534| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
11535| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
11536| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
11537| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
11538| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
11539| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
11540| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
11541| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
11542| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
|
| SecurityTracker - https://www.securitytracker.com:
11934| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
11935| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
11936| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
11937| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
11938| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
11939| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
11940| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
11941| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
11942| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
11943| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
11944| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
11945| [1024096] Apache mod_proxy_http May Return Results for a Different Request
11946| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
11947| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
11948| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
11949| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
11950| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
11951| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
11952| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
11953| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
11954| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
11955| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
11956| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
11957| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
11958| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
11959| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
11960| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
11961| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
11962| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
11963| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
11964| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
11965| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
11966| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
11967| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
11968| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
11969| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
11970| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
11971| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
11972| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
11973| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
11974| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
11975| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
11976| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
11977| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
11978| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
11979| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
11980| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
11981| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
11982| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
11983| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
11984| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
11985| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
11986| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
11987| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
11988| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
11989| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
11990| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
11991| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
11992| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
11993| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
11994| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
11995| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
11996| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
11997| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
11998| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
11999| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
12000| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
12001| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
12002| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
12003| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
12004| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
12005| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
12006| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
12007| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
12008| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
12009| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
12010| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
12011| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
12012| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
12013| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
12014| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
12015| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
12016| [1008920] Apache mod_digest May Validate Replayed Client Responses
12017| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
12018| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
12019| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
12020| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
12021| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
12022| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
12023| [1008030] Apache mod_rewrite Contains a Buffer Overflow
12024| [1008029] Apache mod_alias Contains a Buffer Overflow
12025| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
12026| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
12027| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
12028| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
12029| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
12030| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
12031| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
12032| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
12033| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
12034| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
12035| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
12036| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
12037| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
12038| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
12039| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
12040| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
12041| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
12042| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
12043| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
12044| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
12045| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
12046| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
12047| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
12048| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
12049| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
12050| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
12051| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
12052| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
12053| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
12054| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
12055| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
12056| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
12057| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
12058| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
12059| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
12060| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
12061| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
12062| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
12063| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
12064| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
12065| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
12066| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
12067| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
12068| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
12069| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
12070| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
12071| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
12072| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
12073| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
12074| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
12075| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
12076| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
12077| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
12078| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
12079| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
12080| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
12081|
12082| OSVDB - http://www.osvdb.org:
12083| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
12084| [96077] Apache CloudStack Global Settings Multiple Field XSS
12085| [96076] Apache CloudStack Instances Menu Display Name Field XSS
12086| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
12087| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
12088| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
12089| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
12090| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
12091| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
12092| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
12093| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
12094| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
12095| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
12096| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
12097| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
12098| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
12099| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
12100| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
12101| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
12102| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
12103| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
12104| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
12105| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
12106| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
12107| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
12108| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
12109| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
12110| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
12111| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
12112| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
12113| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
12114| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
12115| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
12116| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
12117| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
12118| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
12119| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
12120| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
12121| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
12122| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
12123| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
12124| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
12125| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
12126| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
12127| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
12128| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
12129| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
12130| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
12131| [94279] Apache Qpid CA Certificate Validation Bypass
12132| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
12133| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
12134| [94042] Apache Axis JAX-WS Java Unspecified Exposure
12135| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
12136| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
12137| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
12138| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
12139| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
12140| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
12141| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
12142| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
12143| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
12144| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
12145| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
12146| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
12147| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
12148| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
12149| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
12150| [93541] Apache Solr json.wrf Callback XSS
12151| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
12152| [93521] Apache jUDDI Security API Token Session Persistence Weakness
12153| [93520] Apache CloudStack Default SSL Key Weakness
12154| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
12155| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
12156| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
12157| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
12158| [93515] Apache HBase table.jsp name Parameter XSS
12159| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
12160| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
12161| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
12162| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
12163| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
12164| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
12165| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
12166| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
12167| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
12168| [93252] Apache Tomcat FORM Authenticator Session Fixation
12169| [93172] Apache Camel camel/endpoints/ Endpoint XSS
12170| [93171] Apache Sling HtmlResponse Error Message XSS
12171| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
12172| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
12173| [93168] Apache Click ErrorReport.java id Parameter XSS
12174| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
12175| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
12176| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
12177| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
12178| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
12179| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
12180| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
12181| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
12182| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
12183| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
12184| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
12185| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
12186| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
12187| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
12188| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
12189| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
12190| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
12191| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
12192| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
12193| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
12194| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
12195| [93144] Apache Solr Admin Command Execution CSRF
12196| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
12197| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
12198| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
12199| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
12200| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
12201| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
12202| [92748] Apache CloudStack VM Console Access Restriction Bypass
12203| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
12204| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
12205| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
12206| [92706] Apache ActiveMQ Debug Log Rendering XSS
12207| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
12208| [92270] Apache Tomcat Unspecified CSRF
12209| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
12210| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
12211| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
12212| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
12213| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
12214| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
12215| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
12216| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
12217| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
12218| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
12219| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
12220| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
12221| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
12222| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
12223| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
12224| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
12225| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
12226| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
12227| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
12228| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
12229| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
12230| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
12231| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
12232| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
12233| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
12234| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
12235| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
12236| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
12237| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
12238| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
12239| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
12240| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
12241| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
12242| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
12243| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
12244| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
12245| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
12246| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
12247| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
12248| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
12249| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
12250| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
12251| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
12252| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
12253| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
12254| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
12255| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
12256| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
12257| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
12258| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
12259| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
12260| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
12261| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
12262| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
12263| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
12264| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
12265| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
12266| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
12267| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
12268| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
12269| [86901] Apache Tomcat Error Message Path Disclosure
12270| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
12271| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
12272| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
12273| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
12274| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
12275| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
12276| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
12277| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
12278| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
12279| [85430] Apache mod_pagespeed Module Unspecified XSS
12280| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
12281| [85249] Apache Wicket Unspecified XSS
12282| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
12283| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
12284| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
12285| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
12286| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
12287| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
12288| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
12289| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
12290| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
12291| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
12292| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
12293| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
12294| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
12295| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
12296| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
12297| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
12298| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
12299| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
12300| [83339] Apache Roller Blogger Roll Unspecified XSS
12301| [83270] Apache Roller Unspecified Admin Action CSRF
12302| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
12303| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
12304| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
12305| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
12306| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
12307| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
12308| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
12309| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
12310| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
12311| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
12312| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
12313| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
12314| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
12315| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
12316| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
12317| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
12318| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
12319| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
12320| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
12321| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
12322| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
12323| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
12324| [80300] Apache Wicket wicket:pageMapName Parameter XSS
12325| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
12326| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
12327| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
12328| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
12329| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
12330| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
12331| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
12332| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
12333| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
12334| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
12335| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
12336| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
12337| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
12338| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
12339| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
12340| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
12341| [78331] Apache Tomcat Request Object Recycling Information Disclosure
12342| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
12343| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
12344| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
12345| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
12346| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
12347| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
12348| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
12349| [77593] Apache Struts Conversion Error OGNL Expression Injection
12350| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
12351| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
12352| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
12353| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
12354| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
12355| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
12356| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
12357| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
12358| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
12359| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
12360| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
12361| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
12362| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
12363| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
12364| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
12365| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
12366| [74725] Apache Wicket Multi Window Support Unspecified XSS
12367| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
12368| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
12369| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
12370| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
12371| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
12372| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
12373| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
12374| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
12375| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
12376| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
12377| [73644] Apache XML Security Signature Key Parsing Overflow DoS
12378| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
12379| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
12380| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
12381| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
12382| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
12383| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
12384| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
12385| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
12386| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
12387| [73154] Apache Archiva Multiple Unspecified CSRF
12388| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
12389| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
12390| [72238] Apache Struts Action / Method Names <
12391| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
12392| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
12393| [71557] Apache Tomcat HTML Manager Multiple XSS
12394| [71075] Apache Archiva User Management Page XSS
12395| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
12396| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
12397| [70924] Apache Continuum Multiple Admin Function CSRF
12398| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
12399| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
12400| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
12401| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
12402| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
12403| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
12404| [69520] Apache Archiva Administrator Credential Manipulation CSRF
12405| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
12406| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
12407| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
12408| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
12409| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
12410| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
12411| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
12412| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
12413| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
12414| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
12415| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
12416| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
12417| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
12418| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
12419| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
12420| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
12421| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
12422| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
12423| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
12424| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
12425| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
12426| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
12427| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
12428| [65054] Apache ActiveMQ Jetty Error Handler XSS
12429| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
12430| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
12431| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
12432| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
12433| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
12434| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
12435| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
12436| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
12437| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
12438| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
12439| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
12440| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
12441| [63895] Apache HTTP Server mod_headers Unspecified Issue
12442| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
12443| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
12444| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
12445| [63140] Apache Thrift Service Malformed Data Remote DoS
12446| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
12447| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
12448| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
12449| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
12450| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
12451| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
12452| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
12453| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
12454| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
12455| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
12456| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
12457| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
12458| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
12459| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
12460| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
12461| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
12462| [60678] Apache Roller Comment Email Notification Manipulation DoS
12463| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
12464| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
12465| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
12466| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
12467| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
12468| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
12469| [60232] PHP on Apache php.exe Direct Request Remote DoS
12470| [60176] Apache Tomcat Windows Installer Admin Default Password
12471| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
12472| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
12473| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
12474| [59944] Apache Hadoop jobhistory.jsp XSS
12475| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
12476| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
12477| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
12478| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
12479| [59019] Apache mod_python Cookie Salting Weakness
12480| [59018] Apache Harmony Error Message Handling Overflow
12481| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
12482| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
12483| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
12484| [59010] Apache Solr get-file.jsp XSS
12485| [59009] Apache Solr action.jsp XSS
12486| [59008] Apache Solr analysis.jsp XSS
12487| [59007] Apache Solr schema.jsp Multiple Parameter XSS
12488| [59006] Apache Beehive select / checkbox Tag XSS
12489| [59005] Apache Beehive jpfScopeID Global Parameter XSS
12490| [59004] Apache Beehive Error Message XSS
12491| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
12492| [59002] Apache Jetspeed default-page.psml URI XSS
12493| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
12494| [59000] Apache CXF Unsigned Message Policy Bypass
12495| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
12496| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
12497| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
12498| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
12499| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
12500| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
12501| [58993] Apache Hadoop browseBlock.jsp XSS
12502| [58991] Apache Hadoop browseDirectory.jsp XSS
12503| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
12504| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
12505| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
12506| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
12507| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
12508| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
12509| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
12510| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
12511| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
12512| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
12513| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
12514| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
12515| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
12516| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
12517| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
12518| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
12519| [58974] Apache Sling /apps Script User Session Management Access Weakness
12520| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
12521| [58931] Apache Geronimo Cookie Parameters Validation Weakness
12522| [58930] Apache Xalan-C++ XPath Handling Remote DoS
12523| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
12524| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
12525| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
12526| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
12527| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
12528| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
12529| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
12530| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
12531| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
12532| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
12533| [58805] Apache Derby Unauthenticated Database / Admin Access
12534| [58804] Apache Wicket Header Contribution Unspecified Issue
12535| [58803] Apache Wicket Session Fixation
12536| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
12537| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
12538| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
12539| [58799] Apache Tapestry Logging Cleartext Password Disclosure
12540| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
12541| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
12542| [58796] Apache Jetspeed Unsalted Password Storage Weakness
12543| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
12544| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
12545| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
12546| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
12547| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
12548| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
12549| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
12550| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
12551| [58775] Apache JSPWiki preview.jsp action Parameter XSS
12552| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
12553| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
12554| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
12555| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
12556| [58770] Apache JSPWiki Group.jsp group Parameter XSS
12557| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
12558| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
12559| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
12560| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
12561| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
12562| [58763] Apache JSPWiki Include Tag Multiple Script XSS
12563| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
12564| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
12565| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
12566| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
12567| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
12568| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
12569| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
12570| [58755] Apache Harmony DRLVM Non-public Class Member Access
12571| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
12572| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
12573| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
12574| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
12575| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
12576| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
12577| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
12578| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
12579| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
12580| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
12581| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
12582| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
12583| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
12584| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
12585| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
12586| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
12587| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
12588| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
12589| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
12590| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
12591| [58725] Apache Tapestry Basic String ACL Bypass Weakness
12592| [58724] Apache Roller Logout Functionality Failure Session Persistence
12593| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
12594| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
12595| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
12596| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
12597| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
12598| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
12599| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
12600| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
12601| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
12602| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
12603| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
12604| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
12605| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
12606| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
12607| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
12608| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
12609| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
12610| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
12611| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
12612| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
12613| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
12614| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
12615| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
12616| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
12617| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
12618| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
12619| [58687] Apache Axis Invalid wsdl Request XSS
12620| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
12621| [58685] Apache Velocity Template Designer Privileged Code Execution
12622| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
12623| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
12624| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
12625| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
12626| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
12627| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
12628| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
12629| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
12630| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
12631| [58667] Apache Roller Database Cleartext Passwords Disclosure
12632| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
12633| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
12634| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
12635| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
12636| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
12637| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
12638| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
12639| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
12640| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
12641| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
12642| [56984] Apache Xerces2 Java Malformed XML Input DoS
12643| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
12644| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
12645| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
12646| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
12647| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
12648| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
12649| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
12650| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
12651| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
12652| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
12653| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
12654| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
12655| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
12656| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
12657| [55056] Apache Tomcat Cross-application TLD File Manipulation
12658| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
12659| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
12660| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
12661| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
12662| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
12663| [54589] Apache Jserv Nonexistent JSP Request XSS
12664| [54122] Apache Struts s:a / s:url Tag href Element XSS
12665| [54093] Apache ActiveMQ Web Console JMS Message XSS
12666| [53932] Apache Geronimo Multiple Admin Function CSRF
12667| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
12668| [53930] Apache Geronimo /console/portal/ URI XSS
12669| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
12670| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
12671| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
12672| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
12673| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
12674| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
12675| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
12676| [53380] Apache Struts Unspecified XSS
12677| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
12678| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
12679| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
12680| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
12681| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
12682| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
12683| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
12684| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
12685| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
12686| [51151] Apache Roller Search Function q Parameter XSS
12687| [50482] PHP with Apache php_value Order Unspecified Issue
12688| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
12689| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
12690| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
12691| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
12692| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
12693| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
12694| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
12695| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
12696| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
12697| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
12698| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
12699| [47096] Oracle Weblogic Apache Connector POST Request Overflow
12700| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
12701| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
12702| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
12703| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
12704| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
12705| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
12706| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
12707| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
12708| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
12709| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
12710| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
12711| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
12712| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
12713| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
12714| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
12715| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
12716| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
12717| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
12718| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
12719| [43452] Apache Tomcat HTTP Request Smuggling
12720| [43309] Apache Geronimo LoginModule Login Method Bypass
12721| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
12722| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
12723| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
12724| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
12725| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
12726| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
12727| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
12728| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
12729| [42091] Apache Maven Site Plugin Installation Permission Weakness
12730| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
12731| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
12732| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
12733| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
12734| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
12735| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
12736| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
12737| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
12738| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
12739| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
12740| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
12741| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
12742| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
12743| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
12744| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
12745| [40262] Apache HTTP Server mod_status refresh XSS
12746| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
12747| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
12748| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
12749| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
12750| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
12751| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
12752| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
12753| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
12754| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
12755| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
12756| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
12757| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
12758| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
12759| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
12760| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
12761| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
12762| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
12763| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
12764| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
12765| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
12766| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
12767| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
12768| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
12769| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
12770| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
12771| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
12772| [36080] Apache Tomcat JSP Examples Crafted URI XSS
12773| [36079] Apache Tomcat Manager Uploaded Filename XSS
12774| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
12775| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
12776| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
12777| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
12778| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
12779| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
12780| [34881] Apache Tomcat Malformed Accept-Language Header XSS
12781| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
12782| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
12783| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
12784| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
12785| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
12786| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
12787| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
12788| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
12789| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
12790| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
12791| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
12792| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
12793| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
12794| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
12795| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
12796| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
12797| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
12798| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
12799| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
12800| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
12801| [32724] Apache mod_python _filter_read Freed Memory Disclosure
12802| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
12803| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
12804| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
12805| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
12806| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
12807| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
12808| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
12809| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
12810| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
12811| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
12812| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
12813| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
12814| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
12815| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
12816| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
12817| [24365] Apache Struts Multiple Function Error Message XSS
12818| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
12819| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
12820| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
12821| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
12822| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
12823| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
12824| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
12825| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
12826| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
12827| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
12828| [22459] Apache Geronimo Error Page XSS
12829| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
12830| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
12831| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
12832| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
12833| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
12834| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
12835| [21021] Apache Struts Error Message XSS
12836| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
12837| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
12838| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
12839| [20439] Apache Tomcat Directory Listing Saturation DoS
12840| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
12841| [20285] Apache HTTP Server Log File Control Character Injection
12842| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
12843| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
12844| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
12845| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
12846| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
12847| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
12848| [19821] Apache Tomcat Malformed Post Request Information Disclosure
12849| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
12850| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
12851| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
12852| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
12853| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
12854| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
12855| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
12856| [18233] Apache HTTP Server htdigest user Variable Overfow
12857| [17738] Apache HTTP Server HTTP Request Smuggling
12858| [16586] Apache HTTP Server Win32 GET Overflow DoS
12859| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
12860| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
12861| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
12862| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
12863| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
12864| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
12865| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
12866| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
12867| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
12868| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
12869| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
12870| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
12871| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
12872| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
12873| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
12874| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
12875| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
12876| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
12877| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
12878| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
12879| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
12880| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
12881| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
12882| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
12883| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
12884| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
12885| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
12886| [13304] Apache Tomcat realPath.jsp Path Disclosure
12887| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
12888| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
12889| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
12890| [12848] Apache HTTP Server htdigest realm Variable Overflow
12891| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
12892| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
12893| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
12894| [12557] Apache HTTP Server prefork MPM accept Error DoS
12895| [12233] Apache Tomcat MS-DOS Device Name Request DoS
12896| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
12897| [12231] Apache Tomcat web.xml Arbitrary File Access
12898| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
12899| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
12900| [12178] Apache Jakarta Lucene results.jsp XSS
12901| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
12902| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
12903| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
12904| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
12905| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
12906| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
12907| [10471] Apache Xerces-C++ XML Parser DoS
12908| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
12909| [10068] Apache HTTP Server htpasswd Local Overflow
12910| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
12911| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
12912| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
12913| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
12914| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
12915| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
12916| [9717] Apache HTTP Server mod_cookies Cookie Overflow
12917| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
12918| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
12919| [9714] Apache Authentication Module Threaded MPM DoS
12920| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
12921| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
12922| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
12923| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
12924| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
12925| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
12926| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
12927| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
12928| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
12929| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
12930| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
12931| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
12932| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
12933| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
12934| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
12935| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
12936| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
12937| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
12938| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
12939| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
12940| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
12941| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
12942| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
12943| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
12944| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
12945| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
12946| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
12947| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
12948| [9208] Apache Tomcat .jsp Encoded Newline XSS
12949| [9204] Apache Tomcat ROOT Application XSS
12950| [9203] Apache Tomcat examples Application XSS
12951| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
12952| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
12953| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
12954| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
12955| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
12956| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
12957| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
12958| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
12959| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
12960| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
12961| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
12962| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
12963| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
12964| [7611] Apache HTTP Server mod_alias Local Overflow
12965| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
12966| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
12967| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
12968| [6882] Apache mod_python Malformed Query String Variant DoS
12969| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
12970| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
12971| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
12972| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
12973| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
12974| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
12975| [5526] Apache Tomcat Long .JSP URI Path Disclosure
12976| [5278] Apache Tomcat web.xml Restriction Bypass
12977| [5051] Apache Tomcat Null Character DoS
12978| [4973] Apache Tomcat servlet Mapping XSS
12979| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
12980| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
12981| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
12982| [4568] mod_survey For Apache ENV Tags SQL Injection
12983| [4553] Apache HTTP Server ApacheBench Overflow DoS
12984| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
12985| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
12986| [4383] Apache HTTP Server Socket Race Condition DoS
12987| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
12988| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
12989| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
12990| [4231] Apache Cocoon Error Page Server Path Disclosure
12991| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
12992| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
12993| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
12994| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
12995| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
12996| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
12997| [3322] mod_php for Apache HTTP Server Process Hijack
12998| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
12999| [2885] Apache mod_python Malformed Query String DoS
13000| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
13001| [2733] Apache HTTP Server mod_rewrite Local Overflow
13002| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
13003| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
13004| [2149] Apache::Gallery Privilege Escalation
13005| [2107] Apache HTTP Server mod_ssl Host: Header XSS
13006| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
13007| [1833] Apache HTTP Server Multiple Slash GET Request DoS
13008| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
13009| [872] Apache Tomcat Multiple Default Accounts
13010| [862] Apache HTTP Server SSI Error Page XSS
13011| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
13012| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
13013| [845] Apache Tomcat MSDOS Device XSS
13014| [844] Apache Tomcat Java Servlet Error Page XSS
13015| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
13016| [838] Apache HTTP Server Chunked Encoding Remote Overflow
13017| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
13018| [775] Apache mod_python Module Importing Privilege Function Execution
13019| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
13020| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
13021| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
13022| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
13023| [637] Apache HTTP Server UserDir Directive Username Enumeration
13024| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
13025| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
13026| [562] Apache HTTP Server mod_info /server-info Information Disclosure
13027| [561] Apache Web Servers mod_status /server-status Information Disclosure
13028| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
13029| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
13030| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
13031| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
13032| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
13033| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
13034| [376] Apache Tomcat contextAdmin Arbitrary File Access
13035| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
13036| [222] Apache HTTP Server test-cgi Arbitrary File Access
13037| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
13038| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
13039|_
465/tcp open ssl/smtp Exim smtpd 4.92
13041| vulscan: VulDB - https://vuldb.com:
13042| [141327] Exim up to 4.92.1 Backslash privilege escalation
13043| [138827] Exim up to 4.92 Expansion Code Execution
13044| [135932] Exim up to 4.92 privilege escalation
13045| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
13046|
13047| MITRE CVE - https://cve.mitre.org:
13048| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
13049| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
13050| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
13051| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
13052| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
13053| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
13054| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
13055| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
13056| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
13057| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
13058| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
13059| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
13060| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
13061| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
13062| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
13063| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
13064|
13065| SecurityFocus - https://www.securityfocus.com/bid/:
13066| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
13067| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
13068| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
13069| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
13070| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
13071| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
13072| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
13073| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
13074| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
13075| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
13076| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
13077| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
13078| [45308] Exim Crafted Header Remote Code Execution Vulnerability
13079| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
13080| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
13081| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
13082| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
13083| [17110] sa-exim Unauthorized File Access Vulnerability
13084| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
13085| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
13086| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
13087| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
13088| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
13089| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
13090| [6314] Exim Internet Mailer Format String Vulnerability
13091| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
13092| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
13093| [2828] Exim Format String Vulnerability
13094| [1859] Exim Buffer Overflow Vulnerability
13095|
13096| IBM X-Force - https://exchange.xforce.ibmcloud.com:
13097| [84758] Exim sender_address parameter command execution
13098| [84015] Exim command execution
13099| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
13100| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
13101| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
13102| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
13103| [67455] Exim DKIM processing code execution
13104| [67299] Exim dkim_exim_verify_finish() format string
13105| [65028] Exim open_log privilege escalation
13106| [63967] Exim config file privilege escalation
13107| [63960] Exim header buffer overflow
13108| [59043] Exim mail directory privilege escalation
13109| [59042] Exim MBX symlink
13110| [52922] ikiwiki teximg plugin information disclosure
13111| [34265] Exim spamd buffer overflow
13112| [25286] Sa-exim greylistclean.cron file deletion
13113| [22687] RHSA-2005:025 updates for exim not installed
13114| [18901] Exim dns_build_reverse buffer overflow
13115| [18764] Exim spa_base64_to_bits function buffer overflow
13116| [18763] Exim host_aton buffer overflow
13117| [16079] Exim require_verify buffer overflow
13118| [16077] Exim header_check_syntax buffer overflow
13119| [16075] Exim sender_verify buffer overflow
13120| [13067] Exim HELO or EHLO command heap overflow
13121| [10761] Exim daemon.c format string
13122| [8194] Exim configuration file -c command-line argument buffer overflow
13123| [7738] Exim allows attacker to hide commands in localhost names using pipes
13124| [6671] Exim "
13125| [1893] Exim MTA allows local users to gain root privileges
13126|
13127| Exploit-DB - https://www.exploit-db.com:
13128| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
13129| [15725] Exim 4.63 Remote Root Exploit
13130| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
13131| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
13132| [796] Exim <= 4.42 Local Root Exploit
13133| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
13134|
13135| OpenVAS (Nessus) - http://www.openvas.org:
13136| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
13137|
13138| SecurityTracker - https://www.securitytracker.com:
13139| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
13140| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
13141| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
13142| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
13143| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
13144| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
13145| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
13146| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
13147| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
13148| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
13149| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
13150| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
13151|
13152| OSVDB - http://www.osvdb.org:
13153| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
13154| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
13155| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
13156| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
13157| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
13158| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
13159| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
13160| [70696] Exim log.c open_log() Function Local Privilege Escalation
13161| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
13162| [69685] Exim string_format Function Remote Overflow
13163| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
13164| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
13165| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
13166| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
13167| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
13168| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
13169| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
13170| [12726] Exim -be Command Line Option host_aton Function Local Overflow
13171| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
13172| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
13173| [10032] libXpm CreateXImage Function Integer Overflow
13174| [7160] Exim .forward :include: Option Privilege Escalation
13175| [6479] Vexim COOKIE Authentication Credential Disclosure
13176| [6478] Vexim Multiple Parameter SQL Injection
13177| [5930] Exim Parenthesis File Name Filter Bypass
13178| [5897] Exim header_syntax Function Remote Overflow
13179| [5896] Exim sender_verify Function Remote Overflow
13180| [5530] Exim Localhost Name Arbitrary Command Execution
13181| [5330] Exim Configuration File Variable Overflow
13182| [1855] Exim Batched SMTP Mail Header Format String
13183|_
587/tcp open smtp Exim smtpd 4.92
13185| vulscan: VulDB - https://vuldb.com:
13186| [141327] Exim up to 4.92.1 Backslash privilege escalation
13187| [138827] Exim up to 4.92 Expansion Code Execution
13188| [135932] Exim up to 4.92 privilege escalation
13189| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
13190|
13191| MITRE CVE - https://cve.mitre.org:
13192| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
13193| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
13194| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
13195| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
13196| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
13197| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
13198| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
13199| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
13200| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
13201| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
13202| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
13203| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
13204| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
13205| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
13206| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
13207| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
13208|
13209| SecurityFocus - https://www.securityfocus.com/bid/:
13210| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
13211| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
13212| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
13213| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
13214| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
13215| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
13216| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
13217| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
13218| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
13219| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
13220| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
13221| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
13222| [45308] Exim Crafted Header Remote Code Execution Vulnerability
13223| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
13224| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
13225| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
13226| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
13227| [17110] sa-exim Unauthorized File Access Vulnerability
13228| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
13229| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
13230| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
13231| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
13232| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
13233| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
13234| [6314] Exim Internet Mailer Format String Vulnerability
13235| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
13236| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
13237| [2828] Exim Format String Vulnerability
13238| [1859] Exim Buffer Overflow Vulnerability
13239|
13240| IBM X-Force - https://exchange.xforce.ibmcloud.com:
13241| [84758] Exim sender_address parameter command execution
13242| [84015] Exim command execution
13243| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
13244| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
13245| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
13246| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
13247| [67455] Exim DKIM processing code execution
13248| [67299] Exim dkim_exim_verify_finish() format string
13249| [65028] Exim open_log privilege escalation
13250| [63967] Exim config file privilege escalation
13251| [63960] Exim header buffer overflow
13252| [59043] Exim mail directory privilege escalation
13253| [59042] Exim MBX symlink
13254| [52922] ikiwiki teximg plugin information disclosure
13255| [34265] Exim spamd buffer overflow
13256| [25286] Sa-exim greylistclean.cron file deletion
13257| [22687] RHSA-2005:025 updates for exim not installed
13258| [18901] Exim dns_build_reverse buffer overflow
13259| [18764] Exim spa_base64_to_bits function buffer overflow
13260| [18763] Exim host_aton buffer overflow
13261| [16079] Exim require_verify buffer overflow
13262| [16077] Exim header_check_syntax buffer overflow
13263| [16075] Exim sender_verify buffer overflow
13264| [13067] Exim HELO or EHLO command heap overflow
13265| [10761] Exim daemon.c format string
13266| [8194] Exim configuration file -c command-line argument buffer overflow
13267| [7738] Exim allows attacker to hide commands in localhost names using pipes
13268| [6671] Exim "
13269| [1893] Exim MTA allows local users to gain root privileges
13270|
13271| Exploit-DB - https://www.exploit-db.com:
13272| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
13273| [15725] Exim 4.63 Remote Root Exploit
13274| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
13275| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
13276| [796] Exim <= 4.42 Local Root Exploit
13277| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
13278|
13279| OpenVAS (Nessus) - http://www.openvas.org:
13280| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
13281|
13282| SecurityTracker - https://www.securitytracker.com:
13283| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
13284| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
13285| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
13286| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
13287| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
13288| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
13289| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
13290| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
13291| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
13292| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
13293| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
13294| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
13295|
13296| OSVDB - http://www.osvdb.org:
13297| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
13298| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
13299| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
13300| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
13301| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
13302| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
13303| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
13304| [70696] Exim log.c open_log() Function Local Privilege Escalation
13305| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
13306| [69685] Exim string_format Function Remote Overflow
13307| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
13308| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
13309| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
13310| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
13311| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
13312| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
13313| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
13314| [12726] Exim -be Command Line Option host_aton Function Local Overflow
13315| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
13316| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
13317| [10032] libXpm CreateXImage Function Integer Overflow
13318| [7160] Exim .forward :include: Option Privilege Escalation
13319| [6479] Vexim COOKIE Authentication Credential Disclosure
13320| [6478] Vexim Multiple Parameter SQL Injection
13321| [5930] Exim Parenthesis File Name Filter Bypass
13322| [5897] Exim header_syntax Function Remote Overflow
13323| [5896] Exim sender_verify Function Remote Overflow
13324| [5530] Exim Localhost Name Arbitrary Command Execution
13325| [5330] Exim Configuration File Variable Overflow
13326| [1855] Exim Batched SMTP Mail Header Format String
13327|_
993/tcp open ssl/imaps?
995/tcp open ssl/pop3s?
1723/tcp open tcpwrapped
13331|_pptp-version: ERROR: Script execution failed (use -d to debug)
8080/tcp open http Indy httpd 19.4.52.3515 (Paessler PRTG bandwidth monitor)
13333|_http-server-header: PRTG/19.4.52.3515
13334|_http-trane-info: Problem with XML parsing of /evox/about
13335| vulscan: VulDB - https://vuldb.com:
13336| [37029] Windy Road Vistered Little 1.6a skins/common.css.php directory traversal
13337| [134113] DaviewIndy up to 8.98.7 PDF File Daview.exe memory corruption
13338| [134111] DaviewIndy up to 8.98.7 Image File Daview.exe memory corruption
13339| [134072] DaviewIndy up to 8.98.7 JPEG2000 File Daview.exe memory corruption
13340| [134071] DaviewIndy up to 8.98.7 File Daview.exe memory corruption
13341| [51377] Indymedia Oscailt 3.3 index.php directory traversal
13342|
13343| MITRE CVE - https://cve.mitre.org:
13344| No findings
13345|
13346| SecurityFocus - https://www.securityfocus.com/bid/:
13347| [24178] Windy Road Vistered Little Theme Skin Parameter Directory Traversal Vulnerability
13348| [6858] IndyNews HTML Injection Vulnerability
13349| [6857] IndyNews manageMedia() File Deletion Vulnerability
13350| [6856] IndyNews delMediaFile() File Deletion Vulnerability
13351|
13352| IBM X-Force - https://exchange.xforce.ibmcloud.com:
13353| [11350] IndyNews ALT tag HTML injection
13354| [11349] IndyNews manageMedia() file deletion and modification
13355| [11348] IndyNews delMediaFile() file deletion
13356|
13357| Exploit-DB - https://www.exploit-db.com:
13358| No findings
13359|
13360| OpenVAS (Nessus) - http://www.openvas.org:
13361| No findings
13362|
13363| SecurityTracker - https://www.securitytracker.com:
13364| [1006105] [Indy]News Forum Software Lets Remote Users Upload Files to the System
13365|
13366| OSVDB - http://www.osvdb.org:
13367| No findings
13368|_
13369Service Info: Host: cpanel.maxtel.cl; OSs: Linux, Windows; CPE: cpe:/o:redhat:enterprise_linux:6, cpe:/o:microsoft:windows
13370######################################################################################################################################
13371[+] URL: https://www.udi.cl/
13372[+] Started: Wed Nov 13 00:06:11 2019
13373
13374Interesting Finding(s):
13375
13376[+] https://www.udi.cl/
13377 | Interesting Entry: Server: Apache
13378 | Found By: Headers (Passive Detection)
13379 | Confidence: 100%
13380
13381[+] https://www.udi.cl/robots.txt
13382 | Interesting Entries:
13383 | - /wp-admin/
13384 | - /wp-admin/admin-ajax.php
13385 | Found By: Robots Txt (Aggressive Detection)
13386 | Confidence: 100%
13387
13388[+] https://www.udi.cl/xmlrpc.php
13389 | Found By: Direct Access (Aggressive Detection)
13390 | Confidence: 100%
13391 | References:
13392 | - http://codex.wordpress.org/XML-RPC_Pingback_API
13393 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
13394 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
13395 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
13396 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
13397
13398[+] https://www.udi.cl/readme.html
13399 | Found By: Direct Access (Aggressive Detection)
13400 | Confidence: 100%
13401
13402[+] Upload directory has listing enabled: https://www.udi.cl/wp-content/uploads/
13403 | Found By: Direct Access (Aggressive Detection)
13404 | Confidence: 100%
13405
13408Fingerprinting the version - Time: 00:04:54 <=========> (387 / 387) 100.00% Time: 00:04:54
13409[i] The WordPress version could not be detected.
13410
13411[+] WordPress theme in use: udi
13412 | Location: https://www.udi.cl/wp-content/themes/udi/
13413 | Style URL: https://www.udi.cl/wp-content/themes/udi/style.css
13414 | Style Name: UDI Popular
13415 | Description: Custom theme: Sitio UDI Popular, developed by Shackleton Chile...
13416 | Author: Shackleton Chile
13417 |
13418 | Found By: Urls In Homepage (Passive Detection)
13419 | Confirmed By: Urls In 404 Page (Passive Detection)
13420 |
13421 | Version: 1.0.0 (80% confidence)
13422 | Found By: Style (Passive Detection)
13423 | - https://www.udi.cl/wp-content/themes/udi/style.css, Match: 'Version: 1.0.0'
13424
13425[+] Enumerating All Plugins (via Passive Methods)
13426
13427[i] No plugins Found.
13428
13429[+] Enumerating Config Backups (via Passive and Aggressive Methods)
13430 Checking Config Backups - Time: 00:00:08 <=============> (21 / 21) 100.00% Time: 00:00:08
13431
13432[i] No Config Backups Found.
13433
13434[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
13435[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up.
13436
13437[+] Finished: Wed Nov 13 00:12:56 2019
13438[+] Requests Done: 622
13439[+] Cached Requests: 101
13440[+] Data Sent: 146.766 KB
13441[+] Data Received: 22.222 MB
13442[+] Memory used: 170.578 MB
13443[+] Elapsed time: 00:06:45
13444######################################################################################################################################
13445[+] URL: https://www.udi.cl/
13446[+] Started: Wed Nov 13 00:06:17 2019
13447
13448Interesting Finding(s):
13449
13450[+] https://www.udi.cl/
13451 | Interesting Entry: Server: Apache
13452 | Found By: Headers (Passive Detection)
13453 | Confidence: 100%
13454
13455[+] https://www.udi.cl/robots.txt
13456 | Interesting Entries:
13457 | - /wp-admin/
13458 | - /wp-admin/admin-ajax.php
13459 | Found By: Robots Txt (Aggressive Detection)
13460 | Confidence: 100%
13461
13462[+] https://www.udi.cl/xmlrpc.php
13463 | Found By: Direct Access (Aggressive Detection)
13464 | Confidence: 100%
13465 | References:
13466 | - http://codex.wordpress.org/XML-RPC_Pingback_API
13467 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
13468 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
13469 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
13470 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
13471
13472[+] https://www.udi.cl/readme.html
13473 | Found By: Direct Access (Aggressive Detection)
13474 | Confidence: 100%
13475
13476[+] Upload directory has listing enabled: https://www.udi.cl/wp-content/uploads/
13477 | Found By: Direct Access (Aggressive Detection)
13478 | Confidence: 100%
13479
13480[+] https://www.udi.cl/wp-cron.php
13481 | Found By: Direct Access (Aggressive Detection)
13482 | Confidence: 60%
13483 | References:
13484 | - https://www.iplocation.net/defend-wordpress-from-ddos
13485 | - https://github.com/wpscanteam/wpscan/issues/1299
13486
13489Fingerprinting the version - Time: 00:05:30 <> (387 / 387) 100.00% Time: 00:05:30
13490[i] The WordPress version could not be detected.
13491
13492[+] WordPress theme in use: udi
13493 | Location: https://www.udi.cl/wp-content/themes/udi/
13494 | Style URL: https://www.udi.cl/wp-content/themes/udi/style.css
13495 | Style Name: UDI Popular
13496 | Description: Custom theme: Sitio UDI Popular, developed by Shackleton Chile...
13497 | Author: Shackleton Chile
13498 |
13499 | Found By: Urls In Homepage (Passive Detection)
13500 | Confirmed By: Urls In 404 Page (Passive Detection)
13501 |
13502 | Version: 1.0.0 (80% confidence)
13503 | Found By: Style (Passive Detection)
13504 | - https://www.udi.cl/wp-content/themes/udi/style.css, Match: 'Version: 1.0.0'
13505
13506[+] Enumerating Users (via Passive and Aggressive Methods)
13507 Brute Forcing Author IDs - Time: 00:00:05 <==> (10 / 10) 100.00% Time: 00:00:05
13508
13509[i] User(s) Identified:
13510
13511[+] Diego Paredes
13512 | Found By: Rss Generator (Aggressive Detection)
13513
13514[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
13515[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up.
13516
13517[+] Finished: Wed Nov 13 00:13:00 2019
13518[+] Requests Done: 647
13519[+] Cached Requests: 59
13520[+] Data Sent: 154.038 KB
13521[+] Data Received: 12.616 MB
13522[+] Memory used: 131.344 MB
13523[+] Elapsed time: 00:06:42
13524#######################################################################################################################################
13525[+] URL: https://www.udi.cl/
13526[+] Started: Wed Nov 13 00:14:57 2019
13527
13528Interesting Finding(s):
13529
13530[+] https://www.udi.cl/
13531 | Interesting Entry: Server: Apache
13532 | Found By: Headers (Passive Detection)
13533 | Confidence: 100%
13534
13535[+] https://www.udi.cl/robots.txt
13536 | Interesting Entries:
13537 | - /wp-admin/
13538 | - /wp-admin/admin-ajax.php
13539 | Found By: Robots Txt (Aggressive Detection)
13540 | Confidence: 100%
13541
13542[+] https://www.udi.cl/readme.html
13543 | Found By: Direct Access (Aggressive Detection)
13544 | Confidence: 100%
13545
13546[+] Upload directory has listing enabled: https://www.udi.cl/wp-content/uploads/
13547 | Found By: Direct Access (Aggressive Detection)
13548 | Confidence: 100%
13549
13550[+] https://www.udi.cl/wp-cron.php
13551 | Found By: Direct Access (Aggressive Detection)
13552 | Confidence: 60%
13553 | References:
13554 | - https://www.iplocation.net/defend-wordpress-from-ddos
13555 | - https://github.com/wpscanteam/wpscan/issues/1299
13556
13559Fingerprinting the version - Time: 00:01:09 <=========> (387 / 387) 100.00% Time: 00:01:09
13560[i] The WordPress version could not be detected.
13561
13562[+] WordPress theme in use: udi
13563 | Location: https://www.udi.cl/wp-content/themes/udi/
13564 | Style URL: https://www.udi.cl/wp-content/themes/udi/style.css
13565 | Style Name: UDI Popular
13566 | Description: Custom theme: Sitio UDI Popular, developed by Shackleton Chile...
13567 | Author: Shackleton Chile
13568 |
13569 | Found By: Urls In Homepage (Passive Detection)
13570 |
13571 | Version: 1.0.0 (80% confidence)
13572 | Found By: Style (Passive Detection)
13573 | - https://www.udi.cl/wp-content/themes/udi/style.css, Match: 'Version: 1.0.0'
13574
13575[+] Enumerating Users (via Passive and Aggressive Methods)
13576 Brute Forcing Author IDs - Time: 00:00:03 <============> (10 / 10) 100.00% Time: 00:00:03
13577
13578[i] User(s) Identified:
13579
13580[+] Diego Paredes
13581 | Found By: Rss Generator (Aggressive Detection)
13582
13583[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
13584[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up.
13585
13586[+] Finished: Wed Nov 13 00:16:19 2019
13587[+] Requests Done: 401
13588[+] Cached Requests: 304
13589[+] Data Sent: 95.309 KB
13590[+] Data Received: 396.494 KB
13591[+] Memory used: 114.781 MB
13592[+] Elapsed time: 00:01:22
13593#######################################################################################################################################
13594[INFO] ------TARGET info------
13595[*] TARGET: https://www.udi.cl/
13596[*] TARGET IP: 200.73.54.34
13597[INFO] NO load balancer detected for www.udi.cl...
13598[*] DNS servers: udi.cl.
13599[*] TARGET server: Apache
13600[*] CC: CL
13601[*] Country: Chile
13602[*] RegionCode: RM
13603[*] RegionName: Santiago Metropolitan
13604[*] City: Santiago
13605[*] ASN: AS18747
13606[*] BGP_PREFIX: 200.73.0.0/18
13607[*] ISP: IFX18747 - IFX Corporation, US
13608[INFO] SSL/HTTPS certificate detected
13609[*] Issuer: issuer=C = US, ST = TX, L = Houston, O = "cPanel, Inc.", CN = "cPanel, Inc. Certification Authority"
13610[*] Subject: subject=CN = udi.cl
13611[INFO] DNS enumeration:
13612[*] ftp.udi.cl 200.73.54.34
13613[*] webmail.udi.cl 200.73.54.34
13614[INFO] Possible abuse mails are:
13615[*] abuse@ifxcorp.com
13616[*] abuse@ifxnetworks.com
13617[*] abuse@udi.cl
13618[*] abuse@www.udi.cl
13619[*] netadmin@ifxnw.cl
13620[*] postmaster@ifxnw.cl
13621[INFO] NO PAC (Proxy Auto Configuration) file FOUND
13622[INFO] Starting FUZZing in http://www.udi.cl/FUzZzZzZzZz...
13623[INFO] Status code Folders
13624[ALERT] Look in the source code. It may contain passwords
13625[INFO] Links found from https://www.udi.cl/ http://200.73.54.34/:
13626[*] http://200.73.54.34/cgi-sys/defaultwebpage.cgi
13629[INFO] Shodan detected the following opened ports on 200.73.54.34:
13630[*] 1
13631[*] 110
13632[*] 143
13633[*] 1723
13634[*] 2082
13635[*] 2083
13636[*] 21
13637[*] 3
13638[*] 4
13639[*] 443
13640[*] 465
13641[*] 53
13642[*] 587
13643[*] 6
13644[*] 80
13645[*] 8080
13646[*] 9
13647[*] 993
13648[*] 995
13649[INFO] ------VirusTotal SECTION------
13650[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
13651[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
13652[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
13653[INFO] ------Alexa Rank SECTION------
13654[INFO] Percent of Visitors Rank in Country:
13655[INFO] Percent of Search Traffic:
13656[INFO] Percent of Unique Visits:
13657[INFO] Total Sites Linking In:
13658[*] Total Sites
13659[INFO] Useful links related to www.udi.cl - 200.73.54.34:
13660[*] https://www.virustotal.com/pt/ip-address/200.73.54.34/information/
13661[*] https://www.hybrid-analysis.com/search?host=200.73.54.34
13662[*] https://www.shodan.io/host/200.73.54.34
13663[*] https://www.senderbase.org/lookup/?search_string=200.73.54.34
13664[*] https://www.alienvault.com/open-threat-exchange/ip/200.73.54.34
13665[*] http://pastebin.com/search?q=200.73.54.34
13666[*] http://urlquery.net/search.php?q=200.73.54.34
13667[*] http://www.alexa.com/siteinfo/www.udi.cl
13668[*] http://www.google.com/safebrowsing/diagnostic?site=www.udi.cl
13669[*] https://censys.io/ipv4/200.73.54.34
13670[*] https://www.abuseipdb.com/check/200.73.54.34
13671[*] https://urlscan.io/search/#200.73.54.34
13672[*] https://github.com/search?q=200.73.54.34&type=Code
13673[INFO] Useful links related to AS18747 - 200.73.0.0/18:
13674[*] http://www.google.com/safebrowsing/diagnostic?site=AS:18747
13675[*] https://www.senderbase.org/lookup/?search_string=200.73.0.0/18
13676[*] http://bgp.he.net/AS18747
13677[*] https://stat.ripe.net/AS18747
13678[INFO] Date: 13/11/19 | Time: 00:18:17
13679[INFO] Total time: 2 minute(s) and 39 second(s)
13680#######################################################################################################################################
13681[-] Target: https://www.udi.cl (200.73.54.34)
13682[I] Server: Apache
13683[L] X-Frame-Options: Not Enforced
13684[I] Strict-Transport-Security: Not Enforced
13685[I] X-Content-Security-Policy: Not Enforced
13686[I] X-Content-Type-Options: Not Enforced
13687[L] Robots.txt Found: https://www.udi.cl/robots.txt
13688[I] CMS Detection: WordPress
13689[I] Wordpress Theme: udi
13690[M] EDB-ID: 17613 "WordPress Plugin E-Commerce 3.8.4 - SQL Injection"
13691[M] EDB-ID: 18417 "WordPress 3.3.1 - Multiple Vulnerabilities"
13692[M] EDB-ID: 24989 "WordPress 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting"
13693[M] EDB-ID: 29834 "WordPress Plugin dzs-videogallery - Arbitrary File Upload"
13694[M] EDB-ID: 36414 "WordPress Plugin WPML 3.1.9 - Multiple Vulnerabilities"
13695[M] EDB-ID: 37106 "WordPress Plugin Video Gallery 2.8 - Arbitrary Mail Relay"
13696[M] EDB-ID: 38487 "WordPress Theme Colormix - Multiple Vulnerabilities"
13697[M] EDB-ID: 42129 "WordPress Plugin Tribulant Newsletters 4.6.4.2 - File Disclosure / Cross-Site Scripting"
13698[M] EDB-ID: 43889 "CMS Made Simple 1.11.9 - Multiple Vulnerabilities"
13699[-] WordPress usernames identified:
13700[M] iego Paredes
13701[M] XML-RPC services are enabled
13702[I] Autocomplete Off Not Found: https://www.udi.cl/wp-login.php
13703[-] Default WordPress Files:
13704[I] https://www.udi.cl/license.txt
13705[I] https://www.udi.cl/readme.html
13706[I] https://www.udi.cl/wp-content/themes/twentytwenty/readme.txt
13707[I] https://www.udi.cl/wp-includes/ID3/license.commercial.txt
13708[I] https://www.udi.cl/wp-includes/ID3/license.txt
13709[I] https://www.udi.cl/wp-includes/ID3/readme.txt
13710[I] https://www.udi.cl/wp-includes/images/crystal/license.txt
13711[I] https://www.udi.cl/wp-includes/js/plupload/license.txt
13712[I] https://www.udi.cl/wp-includes/js/swfupload/license.txt
13713[I] https://www.udi.cl/wp-includes/js/tinymce/license.txt
13714[-] Searching Wordpress Plugins ...
13715[I] "+plugin+"
13716[I] $plugin
13717[I] 1-flash-gallery
13718[M] EDB-ID: 17801 "WordPress Plugin 1 Flash Gallery 1.30 < 1.5.7a - Arbitrary File Upload (Metasploit)"
13719[I] 1-jquery-photo-gallery-slideshow-flash
13720[M] EDB-ID: 36382 "WordPress Plugin 1-jquery-photo-gallery-Slideshow-flash 1.01 - Cross-Site Scripting"
13721[I] 2-click-socialmedia-buttons
13722[M] EDB-ID: 37178 "WordPress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities"
13723[I] Calendar
13724[M] EDB-ID: 21715 "WordPress Plugin spider Calendar - Multiple Vulnerabilities"
13725[I] Calendar-Script
13726[M] EDB-ID: 38018 "WordPress Plugin PHP Event Calendar - 'cid' SQL Injection"
13727[I] Enigma2.php?boarddir=http:
13728[I] FlagEm
13729[M] EDB-ID: 38674 "WordPress Plugin FlagEm - 'cID' Cross-Site Scripting"
13730[I] Lead-Octopus-Power
13731[M] EDB-ID: 39269 "WordPress Plugin Lead Octopus Power - 'id' SQL Injection"
13732[I] Premium_Gallery_Manager
13733[M] EDB-ID: 34538 "WordPress Plugin Premium Gallery Manager - Configuration Access"
13734[M] EDB-ID: 39111 "WordPress Plugin Premium Gallery Manager - Arbitrary File Upload"
13735[I] Tevolution
13736[M] EDB-ID: 40976 "WordPress Plugin Slider Templatic Tevolution < 2.3.6 - Arbitrary File Upload"
13737[I] a-gallery
13738[M] EDB-ID: 17872 "Multiple WordPress Plugins - 'timthumb.php' File Upload"
13739[I] a-to-z-category-listing
13740[M] EDB-ID: 17809 "WordPress Plugin A to Z Category Listing 1.3 - SQL Injection"
13741[I] abtest
13742[M] EDB-ID: 39577 "WordPress Plugin Abtest - Local File Inclusion"
13743[I] accept-signups
13744[M] EDB-ID: 35136 "WordPress Plugin Accept Signups 0.1 - 'email' Cross-Site Scripting"
13745[I] acf-frontend-display
13746[I] ad-wizz
13747[M] EDB-ID: 35561 "WordPress Plugin WPwizz AdWizz Plugin 1.0 - 'link' Cross-Site Scripting"
13748[I] admin_panel.php?wp_footnotes_current_settings[post_footnotes]=<
13751[I] admin_panel.php?wp_footnotes_current_settings[pre_footnotes]=<
13754[I] adminimize
13755[M] EDB-ID: 36325 "WordPress Plugin Adminimize 1.7.21 - 'page' Cross-Site Scripting"
13756[I] adrotate
13757[M] EDB-ID: 17888 "WordPress Plugin AdRotate 3.6.5 - SQL Injection"
13758[M] EDB-ID: 18114 "WordPress Plugin AdRotate 3.6.6 - SQL Injection"
13759[M] EDB-ID: 31834 "WordPress Plugin AdRotate 3.9.4 - 'clicktracker.ph?track' SQL Injection"
13760[I] ads-box
13761[M] EDB-ID: 38060 "WordPress Plugin Ads Box - 'count' SQL Injection"
13762[I] advanced-dewplayer
13763[M] EDB-ID: 38936 "WordPress Plugin Advanced Dewplayer - 'download-file.php' Script Directory Traversal"
13764[I] advanced-text-widget
13765[M] EDB-ID: 36324 "WordPress Plugin Advanced Text Widget 2.0 - 'page' Cross-Site Scripting"
13766[I] advanced-uploader
13767[M] EDB-ID: 38867 "WordPress Plugin Advanced uploader 2.10 - Multiple Vulnerabilities"
13768[I] advertizer
13769[M] EDB-ID: 17750 "WordPress Plugin Advertizer 1.0 - SQL Injection"
13770[I] age-verification
13771[M] EDB-ID: 18350 "WordPress Plugin Age Verification 0.4 - Open Redirect"
13772[M] EDB-ID: 36540 "WordPress Plugin Age Verification 0.4 - 'redirect_to' Open Redirection"
13773[I] ajax-category-dropdown
13774[M] EDB-ID: 17207 "WordPress Plugin Ajax Category Dropdown 0.1.5 - Multiple Vulnerabilities"
13775[I] ajax-store-locator-wordpress_0
13776[M] EDB-ID: 35493 "WordPress Plugin Ajax Store Locator 1.2 - Arbitrary File Download"
13777[I] ajaxgallery
13778[M] EDB-ID: 17686 "WordPress Plugin Ajax Gallery 3.0 - SQL Injection"
13779[I] akismet
13780[M] EDB-ID: 37826 "WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities"
13781[M] EDB-ID: 37902 "WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities"
13782[I] alert-before-your-post
13783[M] EDB-ID: 36323 "WordPress Plugin Alert Before Your Post - 'name' Cross-Site Scripting"
13784[I] all-in-one-event-calendar
13785[M] EDB-ID: 37075 "WordPress Plugin All-in-One Event Calendar 1.4 - 'agenda-widget-form.php?title' Cross-Site Scripting"
13786[M] EDB-ID: 37076 "WordPress Plugin All-in-One Event Calendar 1.4 - 'box_publish_button.php?button_value' Cross-Site Scripting"
13787[M] EDB-ID: 37077 "WordPress Plugin All-in-One Event Calendar 1.4 - 'save_successful.php?msg' Cross-Site Scripting"
13788[M] EDB-ID: 37078 "WordPress Plugin All-in-One Event Calendar 1.4 - 'agenda-widget.php' Multiple Cross-Site Scripting Vulnerabilities"
13789[I] all-in-one-wp-security-and-firewall
13790[M] EDB-ID: 34854 "WordPress Plugin All In One WP Security & Firewall 3.8.3 - Persistent Cross-Site Scripting"
13791[I] all-video-gallery
13792[M] EDB-ID: 22427 "WordPress Plugin All Video Gallery 1.1 - SQL Injection"
13793[I] allow-php-in-posts-and-pages
13794[M] EDB-ID: 17688 "WordPress Plugin Allow PHP in Posts and Pages 2.0.0.RC1 - SQL Injection"
13795[I] allwebmenus-wordpress-menu-plugin
13796[M] EDB-ID: 17861 "WordPress Plugin AllWebMenus 1.1.3 - Remote File Inclusion"
13797[M] EDB-ID: 18407 "WordPress Plugin AllWebMenus < 1.1.9 Menu Plugin - Arbitrary File Upload"
13798[I] alo-easymail
13799[I] annonces
13800[M] EDB-ID: 17863 "WordPress Plugin Annonces 1.2.0.0 - Remote File Inclusion"
13801[I] answer-my-question
13802[M] EDB-ID: 40771 "WordPress Plugin Answer My Question 1.3 - SQL Injection"
13803[I] appointment-booking-calendar
13804[M] EDB-ID: 39309 "WordPress Plugin Booking Calendar Contact Form 1.1.23 - SQL Injection"
13805[M] EDB-ID: 39319 "WordPress Plugin Booking Calendar Contact Form 1.1.23 - Shortcode SQL Injection"
13806[M] EDB-ID: 39341 "WordPress Plugin Booking Calendar Contact Form 1.1.24 - Multiple Vulnerabilities"
13807[M] EDB-ID: 39342 "WordPress Plugin Booking Calendar Contact Form 1.1.24 - addslashes SQL Injection"
13808[I] aspose-doc-exporter
13809[M] EDB-ID: 36559 "WordPress Plugin aspose-doc-exporter 1.0 - Arbitrary File Download"
13810[I] asset-manager
13811[M] EDB-ID: 18993 "WordPress Plugin Asset Manager 0.2 - Arbitrary File Upload"
13812[I] audio
13813[M] EDB-ID: 35258 "WordPress Plugin Audio 0.5.1 - 'showfile' Cross-Site Scripting"
13814[I] audio-player
13815[M] EDB-ID: 38300 "WordPress Plugin Audio Player - 'playerID' Cross-Site Scripting"
13816[I] auto-attachments
13817[I] aviary-image-editor-add-on-for-gravity-forms
13818[M] EDB-ID: 37275 "WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload"
13819[I] backwpup
13820[M] EDB-ID: 35400 "WordPress Plugin BackWPup 1.4 - Multiple Information Disclosure Vulnerabilities"
13821[I] baggage-freight
13822[M] EDB-ID: 46061 "WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload"
13823[I] baggage_shipping
13824[I] bbpress
13825[M] EDB-ID: 22396 "WordPress Plugin bbPress - Multiple Vulnerabilities"
13826[I] bezahlcode-generator
13827[M] EDB-ID: 35286 "WordPress Plugin BezahlCode Generator 1.0 - 'gen_name' Cross-Site Scripting"
13828[I] booking
13829[M] EDB-ID: 27399 "WordPress Plugin Booking Calendar 4.1.4 - Cross-Site Request Forgery"
13830[I] booking-calendar-contact-form
13831[M] EDB-ID: 37003 "WordPress Plugin Booking Calendar Contact Form 1.0.2 - Multiple Vulnerabilities"
13832[I] bookx
13833[M] EDB-ID: 39251 "WordPress Plugin BookX 1.7 - 'bookx_export.php' Local File Inclusion"
13834[I] brandfolder
13835[M] EDB-ID: 39591 "WordPress Plugin Brandfolder 3.0 - Local/Remote File Inclusion"
13836[I] cac-featured-content
13837[I] candidate-application-form
13838[M] EDB-ID: 37754 "WordPress Plugin Candidate Application Form 1.0 - Arbitrary File Download"
13839[I] catalog
13840[M] EDB-ID: 25724 "WordPress Plugin Spider Catalog 1.4.6 - Multiple Vulnerabilities"
13841[M] EDB-ID: 38639 "WordPress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities"
13842[I] category-grid-view-gallery
13843[M] EDB-ID: 38625 "WordPress Plugin Category Grid View Gallery - 'ID' Cross-Site Scripting"
13844[I] category-list-portfolio-page
13845[I] cevhershare
13846[M] EDB-ID: 17891 "WordPress Plugin CevherShare 2.0 - SQL Injection"
13847[I] cforms
13848[M] EDB-ID: 34946 "WordPress Plugin cformsII 11.5/13.1 - 'lib_ajax.php' Multiple Cross-Site Scripting Vulnerabilities"
13849[I] cforms2
13850[M] EDB-ID: 35879 "WordPress Plugin Cforms 14.7 - Remote Code Execution"
13851[I] chenpress
13852[M] EDB-ID: 37522 "WordPress Plugin chenpress - Arbitrary File Upload"
13853[I] church-admin
13854[M] EDB-ID: 37483 "WordPress Plugin church_admin - 'id' Cross-Site Scripting"
13855[I] cimy-counter
13856[M] EDB-ID: 14057 "WordPress Plugin Cimy Counter - Full Path Disclosure / Redirector / Cross-Site Scripting / HTTP Response Spitting"
13857[M] EDB-ID: 34195 "WordPress Plugin Cimy Counter 0.9.4 - HTTP Response Splitting / Cross-Site Scripting"
13858[I] clickdesk-live-support-chat
13859[M] EDB-ID: 36338 "WordPress Plugin ClickDesk Live Support 2.0 - 'cdwidget' Cross-Site Scripting"
13860[I] cloudsafe365-for-wp
13861[M] EDB-ID: 37681 "WordPress Plugin Cloudsafe365 - 'file' Remote File Disclosure"
13862[I] cm-download-manager
13863[M] EDB-ID: 35324 "WordPress Plugin CM Download Manager 2.0.0 - Code Injection"
13864[I] cms-pack
13865[I] cnhk-slideshow
13866[M] EDB-ID: 39190 "WordPress Plugin cnhk-Slideshow - Arbitrary File Upload"
13867[I] comicpress-manager
13868[M] EDB-ID: 35393 "WordPress Plugin ComicPress Manager 1.4.9 - 'lang' Cross-Site Scripting"
13869[I] comment-rating
13870[M] EDB-ID: 16221 "WordPress Plugin Comment Rating 2.9.23 - Multiple Vulnerabilities"
13871[M] EDB-ID: 24552 "WordPress Plugin Comment Rating 2.9.32 - Multiple Vulnerabilities"
13872[M] EDB-ID: 36487 "WordPress Plugin Comment Rating 2.9.20 - 'path' Cross-Site Scripting"
13873[I] community-events
13874[M] EDB-ID: 17798 "WordPress Plugin Community Events 1.2.1 - SQL Injection"
13875[I] complete-gallery-manager
13876[M] EDB-ID: 28377 "WordPress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload"
13877[I] contact-form-generator
13878[M] EDB-ID: 38086 "WordPress Plugin Contact Form Generator 2.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities"
13879[I] contact-form-wordpress
13880[M] EDB-ID: 17980 "WordPress Plugin Contact Form 2.7.5 - SQL Injection"
13881[I] contus-hd-flv-player
13882[M] EDB-ID: 17678 "WordPress Plugin Contus HD FLV Player 1.3 - SQL Injection"
13883[M] EDB-ID: 37377 "WordPress Plugin HD FLV Player - 'uploadVideo.php' Arbitrary File Upload"
13884[I] contus-video-gallery
13885[M] EDB-ID: 34161 "WordPress Plugin Video Gallery 2.5 - Multiple Vulnerabilities"
13886[I] contus-video-galleryversion-10
13887[M] EDB-ID: 37373 "WordPress Plugin Contus Video Gallery - 'upload1.php' Arbitrary File Upload"
13888[I] copyright-licensing-tools
13889[M] EDB-ID: 17749 "WordPress Plugin iCopyright(R) Article Tools 1.1.4 - SQL Injection"
13890[I] count-per-day
13891[M] EDB-ID: 17857 "WordPress Plugin Count per Day 2.17 - SQL Injection"
13892[M] EDB-ID: 18355 "WordPress Plugin Count Per Day - Multiple Vulnerabilities"
13893[M] EDB-ID: 20862 "WordPress Plugin Count Per Day 3.2.3 - Cross-Site Scripting"
13894[I] couponer
13895[M] EDB-ID: 17759 "WordPress Plugin Couponer 1.2 - SQL Injection"
13896[I] cp-polls
13897[M] EDB-ID: 39513 "WordPress Plugin CP Polls 1.0.8 - Multiple Vulnerabilities"
13898[I] cp-reservation-calendar
13899[M] EDB-ID: 38187 "WordPress Plugin CP Reservation Calendar 1.1.6 - SQL Injection"
13900[I] cpl
13901[M] EDB-ID: 11458 "WordPress Plugin Copperleaf Photolog 0.16 - SQL Injection"
13902[I] crawlrate-tracker
13903[M] EDB-ID: 17755 "WordPress Plugin Crawl Rate Tracker 2.0.2 - SQL Injection"
13904[I] crayon-syntax-highlighter
13905[M] EDB-ID: 37946 "WordPress Plugin Crayon Syntax Highlighter - 'wp_load' Remote File Inclusion"
13906[I] custom-background
13907[M] EDB-ID: 39135 "WordPress Theme Felici - 'Uploadify.php' Arbitrary File Upload"
13908[I] custom-content-type-manager
13909[M] EDB-ID: 19058 "WordPress Plugin Custom Content Type Manager 0.9.5.13-pl - Arbitrary File Upload"
13910[I] custom-tables
13911[M] EDB-ID: 37482 "WordPress Plugin custom tables - 'key' Cross-Site Scripting"
13912[I] cysteme-finder
13913[M] EDB-ID: 40295 "WordPress Plugin CYSTEME Finder 1.3 - Arbitrary File Disclosure/Arbitrary File Upload"
13914[I] daily-maui-photo-widget
13915[M] EDB-ID: 35673 "WordPress Plugin Daily Maui Photo Widget 0.2 - Multiple Cross-Site Scripting Vulnerabilities"
13916[I] db-backup
13917[M] EDB-ID: 35378 "WordPress Plugin DB Backup - Arbitrary File Download"
13918[I] disclosure-policy-plugin
13919[M] EDB-ID: 17865 "WordPress Plugin Disclosure Policy 1.0 - Remote File Inclusion"
13920[I] dm-albums
13921[M] EDB-ID: 9043 "Adobe Flash Selection.SetSelection - Use-After-Free"
13922[M] EDB-ID: 9048 "Adobe Flash TextField.replaceText - Use-After-Free"
13923[I] dmsguestbook
13924[I] downloads-manager
13925[M] EDB-ID: 6127 "Pixel Studio 2.17 - Denial of Service (PoC)"
13926[I] dp-thumbnail
13927[I] drag-drop-file-uploader
13928[M] EDB-ID: 19057 "WordPress Plugin drag and drop file upload 0.1 - Arbitrary File Upload"
13929[I] dukapress
13930[M] EDB-ID: 35346 "WordPress Plugin DukaPress 2.5.2 - Directory Traversal"
13931[I] duplicator
13932[M] EDB-ID: 38676 "WordPress Plugin Duplicator - Cross-Site Scripting"
13933[M] EDB-ID: 44288 "WordPress Plugin Duplicator 1.2.32 - Cross-Site Scripting"
13934[I] dzs-videogallery
13935[M] EDB-ID: 30063 "WordPress Plugin DZS Video Gallery 3.1.3 - Remote File Disclosure / Local File Disclosure"
13936[M] EDB-ID: 39250 "WordPress Plugin DZS-VideoGallery - Cross-Site Scripting / Command Injection"
13937[M] EDB-ID: 39553 "WordPress Plugin DZS Videogallery < 8.60 - Multiple Vulnerabilities"
13938[I] dzs-zoomsounds
13939[M] EDB-ID: 37166 "WordPress Plugin dzs-zoomsounds 2.0 - Arbitrary File Upload"
13940[I] easy-contact-form-lite
13941[M] EDB-ID: 17680 "WordPress Plugin Easy Contact Form Lite 1.0.7 - SQL Injection"
13942[I] easy-contact-forms-exporter
13943[M] EDB-ID: 19013 "WordPress Plugin Easy Contact Forms Export 1.1.0 - Information Disclosure"
13944[I] ebook-download
13945[M] EDB-ID: 39575 "WordPress Plugin eBook Download 1.1 - Directory Traversal"
13946[I] eco-annu
13947[M] EDB-ID: 38019 "WordPress Plugin Eco-annu - 'eid' SQL Injection"
13948[I] editormonkey
13949[M] EDB-ID: 17284 "WordPress Plugin EditorMonkey 2.5 - 'FCKeditor' Arbitrary File Upload"
13950[I] email-newsletter
13951[M] EDB-ID: 37356 "WordPress Plugin Email NewsLetter 8.0 - 'option' Information Disclosure"
13952[I] evarisk
[M] EDB-ID: 17738 "WordPress Plugin Evarisk 5.1.3.6 - SQL Injection"
[M] EDB-ID: 37399 "WordPress Plugin Evarisk - 'uploadPhotoApres.php' Arbitrary File Upload"
[I] event-registration
[M] EDB-ID: 17751 "WordPress Plugin Event Registration 5.4.3 - SQL Injection"
[I] eventify
[M] EDB-ID: 17794 "WordPress Plugin Eventify - Simple Events 1.7.f SQL Injection"
[I] extend-wordpress
[I] facebook-opengraph-meta-plugin
[M] EDB-ID: 17773 "WordPress Plugin Facebook Opengraph Meta 1.0 - SQL Injection"
[I] fbgorilla
[M] EDB-ID: 39283 "WordPress Plugin FB Gorilla - 'game_play.php' SQL Injection"
[I] fbpromotions
[M] EDB-ID: 17737 "WordPress Plugin Facebook Promotions 1.3.3 - SQL Injection"
[I] fcchat
[M] EDB-ID: 35289 "WordPress Plugin FCChat Widget 2.1.7 - 'path' Cross-Site Scripting"
[M] EDB-ID: 37370 "WordPress Plugin FCChat Widget 2.2.x - 'upload.php' Arbitrary File Upload"
[I] feature-slideshow
[M] EDB-ID: 35285 "WordPress Plugin Feature Slideshow 1.0.6 - 'src' Cross-Site Scripting"
[I] featurific-for-wordpress
[M] EDB-ID: 36339 "WordPress Plugin Featurific For WordPress 1.6.2 - 'snum' Cross-Site Scripting"
[I] feed
[M] EDB-ID: 38624 "WordPress Plugin WP Feed - 'nid' SQL Injection"
[I] feedlist
[M] EDB-ID: 34973 "WordPress Plugin FeedList 2.61.01 - 'handler_image.php' Cross-Site Scripting"
[I] feedweb
[M] EDB-ID: 38414 "WordPress Plugin Feedweb - 'wp_post_id' Cross-Site Scripting"
[I] fgallery
[M] EDB-ID: 4993 "GitList 0.6.0 - Argument Injection (Metasploit)"
[I] file-groups
[M] EDB-ID: 17677 "WordPress Plugin File Groups 1.1.2 - SQL Injection"
[I] filedownload
[M] EDB-ID: 17858 "WordPress Plugin Filedownload 0.1 - 'download.php' Remote File Disclosure"
[I] finder
[M] EDB-ID: 37677 "WordPress Plugin Finder - 'order' Cross-Site Scripting"
[I] firestats
[M] EDB-ID: 14308 "WordPress Plugin Firestats - Remote Configuration File Download"
[M] EDB-ID: 33367 "WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (1)"
[M] EDB-ID: 33368 "WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (2)"
[I] flash-album-gallery
[M] EDB-ID: 16947 "WordPress Plugin GRAND Flash Album Gallery 0.55 - Multiple Vulnerabilities"
[M] EDB-ID: 36383 "WordPress Plugin flash-album-gallery - 'facebook.php' Cross-Site Scripting"
[M] EDB-ID: 36434 "WordPress Plugin GRAND FlAGallery 1.57 - 'flagshow.php' Cross-Site Scripting"
[M] EDB-ID: 36444 "WordPress Plugin flash-album-gallery - 'flagshow.php' Cross-Site Scripting"
[I] flexible-custom-post-type
[M] EDB-ID: 36317 "WordPress Plugin Flexible Custom Post Type - 'id' Cross-Site Scripting"
[I] flipbook
[M] EDB-ID: 37452 "WordPress Plugin Flip Book - 'PHP.php' Arbitrary File Upload"
[I] font-uploader
[M] EDB-ID: 18994 "WordPress Plugin Font Uploader 1.2.4 - Arbitrary File Upload"
[I] formcraft
[M] EDB-ID: 30002 "WordPress Plugin Formcraft - SQL Injection"
[I] forum-server
[M] EDB-ID: 16235 "WordPress Plugin Forum Server 1.6.5 - SQL Injection"
[M] EDB-ID: 17828 "WordPress Plugin Forum Server 1.7 - SQL Injection"
[I] foxypress
[M] EDB-ID: 18991 "WordPress Plugin Foxypress 0.4.1.1 < 0.4.2.1 - Arbitrary File Upload"
[M] EDB-ID: 22374 "WordPress Plugin foxypress 0.4.2.5 - Multiple Vulnerabilities"
[I] front-end-upload
[M] EDB-ID: 19008 "WordPress Plugin Front End Upload 0.5.3 - Arbitrary File Upload"
[I] front-file-manager
[M] EDB-ID: 19012 "WordPress Plugin Front File Manager 0.1 - Arbitrary File Upload"
[I] fs-real-estate-plugin
[M] EDB-ID: 22071 "WordPress Plugin FireStorm Professional Real Estate 2.06.01 - SQL Injection"
[I] gallery-images
[M] EDB-ID: 34524 "WordPress Plugin Huge-IT Image Gallery 1.0.1 - (Authenticated) SQL Injection"
[M] EDB-ID: 39807 "WordPress Plugin Huge-IT Image Gallery 1.8.9 - Multiple Vulnerabilities"
[I] gallery-plugin
[M] EDB-ID: 18998 "WordPress Plugin Gallery 3.06 - Arbitrary File Upload"
[M] EDB-ID: 38209 "WordPress Plugin Gallery - 'filename_1' Arbitrary File Access"
[I] gd-star-rating
[M] EDB-ID: 17973 "WordPress Plugin GD Star Rating 1.9.10 - SQL Injection"
[M] EDB-ID: 35373 "WordPress Plugin GD Star Rating 1.9.7 - 'wpfn' Cross-Site Scripting"
[M] EDB-ID: 35835 "WordPress Plugin GD Star Rating - 'votes' SQL Injection"
[I] gift-voucher
[M] EDB-ID: 45255 "WordPress Plugin Gift Voucher 1.0.5 - (Authenticated) 'template_id' SQL Injection"
[I] global-content-blocks
[M] EDB-ID: 17687 "WordPress Plugin Global Content Blocks 1.2 - SQL Injection"
[I] global-flash-galleries
[M] EDB-ID: 39059 "WordPress Plugin Global Flash Gallery - 'swfupload.php' Arbitrary File Upload"
[I] google-document-embedder
[M] EDB-ID: 35371 "WordPress Plugin Google Document Embedder 2.5.14 - SQL Injection"
[M] EDB-ID: 35447 "WordPress Plugin Google Document Embedder 2.5.16 - 'mysql_real_escpae_string' Bypass SQL Injection"
[I] google-mp3-audio-player
[M] EDB-ID: 35460 "WordPress Plugin CodeArt Google MP3 Player - File Disclosure Download"
[I] gracemedia-media-player
[M] EDB-ID: 46537 "WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion"
[I] grapefile
[M] EDB-ID: 17760 "WordPress Plugin grapefile 1.1 - Arbitrary File Upload"
[I] gwolle-gb
[M] EDB-ID: 38861 "WordPress Plugin Gwolle Guestbook 1.5.3 - Remote File Inclusion"
[I] hb-audio-gallery-lite
[M] EDB-ID: 39589 "WordPress Plugin HB Audio Gallery Lite 1.0.0 - Arbitrary File Download"
[I] hd-webplayer
[M] EDB-ID: 20918 "WordPress Plugin HD Webplayer 1.1 - SQL Injection"
[I] history-collection
[M] EDB-ID: 37254 "WordPress Plugin History Collection 1.1.1 - Arbitrary File Download"
[I] hitasoft_player
[M] EDB-ID: 38012 "WordPress Plugin FLV Player - 'id' SQL Injection"
[I] html5avmanager
[M] EDB-ID: 18990 "WordPress Plugin HTML5 AV Manager 0.2.7 - Arbitrary File Upload"
[I] i-dump-iphone-to-wordpress-photo-uploader
[M] EDB-ID: 36691 "WordPress Plugin Windows Desktop and iPhone Photo Uploader - Arbitrary File Upload"
[I] iframe-admin-pages
[M] EDB-ID: 37179 "WordPress Plugin iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting"
[I] igit-posts-slider-widget
[M] EDB-ID: 35392 "WordPress Plugin IGIT Posts Slider Widget 1.0 - 'src' Cross-Site Scripting"
[I] image-export
[M] EDB-ID: 39584 "WordPress Plugin Image Export 1.1.0 - Arbitrary File Disclosure"
[I] image-gallery-with-slideshow
[M] EDB-ID: 17761 "WordPress Plugin image Gallery with Slideshow 1.5 - Multiple Vulnerabilities"
[I] imdb-widget
[M] EDB-ID: 39621 "WordPress Plugin IMDb Profile Widget 1.0.8 - Local File Inclusion"
[I] inboundio-marketing
[M] EDB-ID: 36478 "WordPress Plugin InBoundio Marketing 1.0 - Arbitrary File Upload"
[I] indeed-membership-pro
[I] inline-gallery
[M] EDB-ID: 35418 "WordPress Plugin Inline Gallery 0.3.9 - 'do' Cross-Site Scripting"
[I] insert-php
[M] EDB-ID: 41308 "WordPress Plugin Insert PHP 3.3.1 - PHP Code Injection"
[I] invit0r
[M] EDB-ID: 37403 "WordPress Plugin Invit0r - 'ofc_upload_image.php' Arbitrary File Upload"
[I] ip-logger
[M] EDB-ID: 17673 "WordPress Plugin IP-Logger 3.0 - SQL Injection"
[I] is-human
[M] EDB-ID: 17299 "WordPress Plugin Is-human 1.4.2 - Remote Command Execution"
[I] islidex
[I] iwant-one-ihave-one
[M] EDB-ID: 16236 "WordPress Plugin IWantOneButton 3.0.1 - Multiple Vulnerabilities"
[I] jetpack
[M] EDB-ID: 18126 "WordPress Plugin jetpack - 'sharedaddy.php' ID SQL Injection"
[I] jibu-pro
[M] EDB-ID: 45305 "WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting"
[I] joliprint
[M] EDB-ID: 37176 "WordPress Plugin PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities"
[I] jquery-mega-menu
[M] EDB-ID: 16250 "WordPress Plugin jQuery Mega Menu 1.0 - Local File Inclusion"
[I] jrss-widget
[M] EDB-ID: 34977 "WordPress Plugin jRSS Widget 1.1.1 - 'url' Information Disclosure"
[I] js-appointment
[M] EDB-ID: 17724 "WordPress Plugin Js-appointment 1.5 - SQL Injection"
[I] jtrt-responsive-tables
[M] EDB-ID: 43110 "WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection"
[I] kino-gallery
[I] kish-guest-posting
[I] kittycatfish
[M] EDB-ID: 41919 "WordPress Plugin KittyCatfish 2.2 - SQL Injection"
[I] knews
[M] EDB-ID: 37484 "WordPress Plugin Knews Multilingual Newsletters - Cross-Site Scripting"
[I] knr-author-list-widget
[M] EDB-ID: 17791 "WordPress Plugin KNR Author List Widget 2.0.0 - SQL Injection"
[I] lanoba-social-plugin
[M] EDB-ID: 36326 "WordPress Plugin Lanoba Social 1.0 - 'action' Cross-Site Scripting"
[I] lazy-content-slider
[M] EDB-ID: 40070 "WordPress Plugin Lazy Content Slider 3.4 - Cross-Site Request Forgery (Add Catetory)"
[I] lazy-seo
[M] EDB-ID: 28452 "WordPress Plugin Lazy SEO 1.1.9 - Arbitrary File Upload"
[I] lazyest-gallery
[M] EDB-ID: 35435 "WordPress Plugin Lazyest Gallery 1.0.26 - 'image' Cross-Site Scripting"
[I] lb-mixed-slideshow
[M] EDB-ID: 37418 "WordPress Plugin LB Mixed Slideshow - 'upload.php' Arbitrary File Upload"
[I] leaguemanager
[M] EDB-ID: 24789 "WordPress Plugin LeagueManager 3.8 - SQL Injection"
[I] leenkme
[I] levelfourstorefront
[M] EDB-ID: 38158 "WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php? reqID' SQL Injection"
[M] EDB-ID: 38159 "WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/backup.php?reqID' SQL Injection"
[M] EDB-ID: 38160 "WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php?reqID' SQL Injection"
[I] like-dislike-counter-for-posts-pages-and-comments
[M] EDB-ID: 34553 "WordPress Plugin Like Dislike Counter 1.2.3 - SQL Injection"
[I] link-library
[M] EDB-ID: 17887 "WordPress Plugin Link Library 5.2.1 - SQL Injection"
[I] lisl-last-image-slider
[I] livesig
[M] EDB-ID: 17864 "WordPress Plugin Livesig 0.4 - Remote File Inclusion"
[I] localize-my-post
[M] EDB-ID: 45439 "WordPress Plugin Localize My Post 1.0 - Local File Inclusion"
[I] mac-dock-gallery
[M] EDB-ID: 19056 "WordPress Plugin Mac Photo Gallery 2.7 - Arbitrary File Upload"
[I] madebymilk
[M] EDB-ID: 38041 "WordPress Theme Madebymilk - 'id' SQL Injection"
[I] mail-masta
[M] EDB-ID: 40290 "WordPress Plugin Mail Masta 1.0 - Local File Inclusion"
[M] EDB-ID: 41438 "WordPress Plugin Mail Masta 1.0 - SQL Injection"
[I] mailz
[M] EDB-ID: 17866 "WordPress Plugin Mailing List 1.3.2 - Remote File Inclusion"
[M] EDB-ID: 18276 "WordPress Plugin Mailing List - Arbitrary File Download"
[I] media-library-categories
[M] EDB-ID: 17628 "WordPress Plugin Media Library Categories 1.0.6 - SQL Injection"
[I] meenews
[M] EDB-ID: 36340 "WordPress Plugin NewsLetter Meenews 5.1 - 'idnews' Cross-Site Scripting"
[I] membership-simplified-for-oap-members-only
[M] EDB-ID: 41622 "Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download"
[I] mingle-forum
[M] EDB-ID: 15943 "WordPress Plugin mingle forum 1.0.26 - Multiple Vulnerabilities"
[M] EDB-ID: 17894 "WordPress Plugin Mingle Forum 1.0.31 - SQL Injection"
[I] mm-forms-community
[M] EDB-ID: 17725 "WordPress Plugin MM Forms Community 1.2.3 - SQL Injection"
[M] EDB-ID: 18997 "WordPress Plugin MM Forms Community 2.2.6 - Arbitrary File Upload"
[I] monsters-editor-10-for-wp-super-edit
[M] EDB-ID: 37654 "WordPress Plugin Monsters Editor for WP Super Edit - Arbitrary File Upload"
[I] mukioplayer-for-wordpress
[M] EDB-ID: 38755 "WordPress Plugin mukioplayer4wp - 'cid' SQL Injection"
[I] myflash
[M] EDB-ID: 3828 "Microsoft Windows Kernel - 'NtGdiStretchBlt' Pool Buffer Overflow (MS15-097)"
[I] mystat
[M] EDB-ID: 17740 "WordPress Plugin mySTAT 2.6 - SQL Injection"
[I] nextgen-gallery v3.2.19
[M] EDB-ID: 12098 "WordPress Plugin NextGEN Gallery 1.5.1 - Cross-Site Scripting"
[M] EDB-ID: 38178 "WordPress Plugin NextGEN Gallery - 'test-head' Cross-Site Scripting"
[M] EDB-ID: 39100 "WordPress Plugin NextGEN Gallery - 'jqueryFileTree.php' Directory Traversal"
[I] nextgen-smooth-gallery
[M] EDB-ID: 14541 "WordPress Plugin NextGEN Smooth Gallery 0.12 - Blind SQL Injection"
[I] ocim-mp3
[M] EDB-ID: 39498 "WordPress Plugin Ocim MP3 - SQL Injection"
[I] odihost-newsletter-plugin
[M] EDB-ID: 17681 "WordPress Plugin OdiHost NewsLetter 1.0 - SQL Injection"
[I] old-post-spinner
[M] EDB-ID: 16251 "WordPress Plugin OPS Old Post Spinner 2.2.1 - Local File Inclusion"
[I] olimometer
[M] EDB-ID: 40804 "WordPress Plugin Olimometer 2.56 - SQL Injection"
[I] omni-secure-files
[M] EDB-ID: 19009 "WordPress Plugin Omni Secure Files 0.1.13 - Arbitrary File Upload"
[I] oqey-gallery
[M] EDB-ID: 17779 "WordPress Plugin oQey Gallery 0.4.8 - SQL Injection"
[M] EDB-ID: 35288 "WordPress Plugin oQey-Gallery 0.2 - 'tbpv_domain' Cross-Site Scripting"
[I] oqey-headers
[M] EDB-ID: 17730 "WordPress Plugin oQey Headers 0.3 - SQL Injection"
[I] page-flip-image-gallery
[M] EDB-ID: 30084 "WordPress Plugin page-flip-image-gallery - Arbitrary File Upload"
[M] EDB-ID: 7543 "Linux Kernel 2.6.x - 'rds_recvmsg()' Local Information Disclosure"
[I] paid-downloads
[M] EDB-ID: 17797 "WordPress Plugin Paid Downloads 2.01 - SQL Injection"
[M] EDB-ID: 36135 "WordPress Plugin Auctions 1.8.8 - 'wpa_id' SQL Injection"
[I] participants-database
[I] pay-with-tweet.php
[M] EDB-ID: 18330 "WordPress Plugin Pay with Tweet 1.1 - Multiple Vulnerabilities"
[I] paypal-currency-converter-basic-for-woocommerce
[M] EDB-ID: 37253 "WordPress Plugin Paypal Currency Converter Basic For WooCommerce - File Read"
[I] peugeot-music-plugin
[M] EDB-ID: 44737 "WordPress Plugin Peugeot Music - Arbitrary File Upload"
[I] photocart-link
[M] EDB-ID: 39623 "WordPress Plugin Photocart Link 1.6 - Local File Inclusion"
[I] photoracer
[M] EDB-ID: 17720 "WordPress Plugin Photoracer 1.0 - SQL Injection"
[M] EDB-ID: 17731 "WordPress Plugin Photoracer 1.0 - Multiple Vulnerabilities"
[M] EDB-ID: 8961 "WordPress Plugin Photoracer 1.0 - 'id' SQL Injection"
[I] photosmash-galleries
[M] EDB-ID: 35429 "WordPress Plugin PhotoSmash Galleries 1.0.x - 'action' Cross-Site Scripting"
[M] EDB-ID: 38872 "WordPress Plugin PhotoSmash Galleries - 'bwbps-uploader.php' Arbitrary File Upload"
[I] php_speedy_wp
[I] phpfreechat
[M] EDB-ID: 37485 "WordPress Plugin PHPFreeChat - 'url' Cross-Site Scripting"
[I] pica-photo-gallery
[M] EDB-ID: 19016 "WordPress Plugin PICA Photo Gallery 1.0 - Remote File Disclosure"
[M] EDB-ID: 19055 "WordPress Plugin Pica Photo Gallery 1.0 - Arbitrary File Upload"
[I] pictpress
[M] EDB-ID: 4695 "Karaoke Video Creator 2.2.8 - Denial of Service"
[I] picturesurf-gallery
[M] EDB-ID: 37371 "WordPress Plugin Picturesurf Gallery - 'upload.php' Arbitrary File Upload"
[I] placester
[M] EDB-ID: 35562 "WordPress Plugin Placester 0.1 - 'ajax_action' Cross-Site Scripting"
[I] player
[M] EDB-ID: 38458 "WordPress Plugin Spider Video Player - 'theme' SQL Injection"
[I] plg_novana
[I] plugin-dir
[M] EDB-ID: 22853 "WordPress Plugin Facebook Survey 1.0 - SQL Injection"
[I] plugin-newsletter
[M] EDB-ID: 19018 "WordPress Plugin NewsLetter 1.5 - Remote File Disclosure"
[I] podpress
[M] EDB-ID: 38376 "WordPress Plugin podPress - 'playerID' Cross-Site Scripting"
[I] portable-phpmyadmin
[M] EDB-ID: 23356 "WordPress Plugin Portable phpMyAdmin - Authentication Bypass"
[I] post-highlights
[M] EDB-ID: 17790 "WordPress Plugin post highlights 2.2 - SQL Injection"
[I] post-recommendations-for-wordpress
[M] EDB-ID: 37506 "WordPress Plugin Post Recommendations - 'abspath' Remote File Inclusion"
[I] powerhouse-museum-collection-image-grid
[M] EDB-ID: 35287 "WordPress Plugin Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Cross-Site Scripting"
[I] premium_gallery_manager
[I] pretty-link
[M] EDB-ID: 36233 "WordPress Plugin Pretty Link 1.4.56 - Multiple Cross-Site Scripting Vulnerabilities"
[M] EDB-ID: 36408 "WordPress Plugin Pretty Link 1.5.2 - 'pretty-bar.php' Cross-Site Scripting"
[M] EDB-ID: 37196 "WordPress Plugin Pretty Link Lite 1.5.2 - SQL Injection / Cross-Site Scripting"
[M] EDB-ID: 38324 "WordPress Plugin Pretty Link - Cross-Site Scripting"
[I] profiles
[M] EDB-ID: 17739 "WordPress Plugin Profiles 2.0 RC1 - SQL Injection"
[I] proplayer
[M] EDB-ID: 17616 "WordPress Plugin ProPlayer 4.7.7 - SQL Injection"
[M] EDB-ID: 25605 "WordPress Plugin ProPlayer 4.7.9.1 - SQL Injection"
[I] pure-html
[M] EDB-ID: 17758 "WordPress Plugin PureHTML 1.0.0 - SQL Injection"
[I] q-and-a-focus-plus-faq
[M] EDB-ID: 39806 "WordPress Plugin Q and A (Focus Plus) FAQ 1.3.9.7 - Multiple Vulnerabilities"
[I] radykal-fancy-gallery
[M] EDB-ID: 19398 "WordPress Plugin Fancy Gallery 1.2.4 - Arbitrary File Upload"
[I] rating-widget
[I] rb-agency
[M] EDB-ID: 40333 "WordPress Plugin RB Agency 2.4.7 - Local File Disclosure"
[I] rbxgallery
[M] EDB-ID: 19019 "WordPress Plugin RBX Gallery 2.1 - Arbitrary File Upload"
[I] real3d-flipbook
[M] EDB-ID: 40055 "WordPress Plugin Real3D FlipBook - Multiple Vulnerabilities"
[I] really-easy-slider
[I] really-simple-guest-post
[M] EDB-ID: 37209 "WordPress Plugin Really Simple Guest Post 1.0.6 - Local File Inclusion"
[I] recent-backups
[M] EDB-ID: 37752 "WordPress Plugin Recent Backups 0.7 - Arbitrary File Download"
[I] recipe
[M] EDB-ID: 31228 "WordPress Plugin Recipes Blog - 'id' SQL Injection"
[I] reciply
[M] EDB-ID: 35265 "WordPress Plugin Recip.ly 1.1.7 - 'uploadImage.php' Arbitrary File Upload"
[I] reflex-gallery
[M] EDB-ID: 36374 "WordPress Plugin Reflex Gallery 3.1.3 - Arbitrary File Upload"
[I] rekt-slideshow
[I] related-sites
[M] EDB-ID: 9054 "Adobe Flash TextField.tabIndex Setter - Use-After-Free"
[I] relocate-upload
[M] EDB-ID: 17869 "WordPress Plugin Relocate Upload 0.14 - Remote File Inclusion"
[I] rent-a-car
[I] resume-submissions-job-postings
[M] EDB-ID: 19791 "WordPress Plugin Resume Submissions & Job Postings 2.5.1 - Unrestricted Arbitrary File Upload"
[I] rich-widget
[M] EDB-ID: 37653 "WordPress Plugin Rich Widget - Arbitrary File Upload"
[I] ripe-hd-player
[M] EDB-ID: 24229 "WordPress Plugin Ripe HD FLV Player - SQL Injection"
[I] robotcpa
[M] EDB-ID: 37252 "WordPress Plugin RobotCPA V5 - Local File Inclusion"
[I] rss-feed-reader
[M] EDB-ID: 35261 "WordPress Plugin RSS Feed Reader 0.1 - 'rss_url' Cross-Site Scripting"
[I] s3bubble-amazon-s3-html-5-video-with-adverts
[M] EDB-ID: 37494 "WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics 0.7 - Arbitrary File Download"
[I] scormcloud
[M] EDB-ID: 17793 "WordPress Plugin SCORM Cloud 1.0.6.6 - SQL Injection"
[I] se-html5-album-audio-player
[M] EDB-ID: 37274 "WordPress Plugin SE HTML5 Album Audio Player 1.1.0 - Directory Traversal"
[I] search-autocomplete
[M] EDB-ID: 17767 "WordPress Plugin SearchAutocomplete 1.0.8 - SQL Injection"
[I] securimage-wp
[M] EDB-ID: 38510 "WordPress Plugin Securimage-WP - 'siwp_test.php' Cross-Site Scripting"
[I] sell-downloads
[M] EDB-ID: 38868 "WordPress Plugin Sell Download 1.0.16 - Local File Disclosure"
[I] sendit
[M] EDB-ID: 17716 "WordPress Plugin SendIt 1.5.9 - Blind SQL Injection"
[I] seo-automatic-seo-tools
[M] EDB-ID: 34975 "WordPress Plugin SEO Tools 3.0 - 'file' Directory Traversal"
[I] seo-watcher
[M] EDB-ID: 38782 "WordPress Plugin SEO Watcher - 'ofc_upload_image.php' Arbitrary PHP Code Execution"
[I] sermon-browser
[M] EDB-ID: 17214 "WordPress Plugin SermonBrowser 0.43 - SQL Injection"
[M] EDB-ID: 35657 "WordPress Plugin Sermon Browser 0.43 - Cross-Site Scripting / SQL Injection"
[I] sexy-contact-form
[M] EDB-ID: 34922 "WordPress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload"
[M] EDB-ID: 35057 "WordPress Plugin 0.9.7 / Joomla! Component 2.0.0 Creative Contact Form - Arbitrary File Upload"
[I] sf-booking
[M] EDB-ID: 43475 "WordPress Plugin Service Finder Booking < 3.2 - Local File Disclosure"
[I] sfbrowser
[M] EDB-ID: 19054 "WordPress Plugin SfBrowser 1.4.5 - Arbitrary File Upload"
[I] sfwd-lms
[I] sh-slideshow
[M] EDB-ID: 17748 "WordPress Plugin SH Slideshow 3.1.4 - SQL Injection"
[I] sharebar
[M] EDB-ID: 37201 "WordPress Plugin Sharebar 1.2.1 - SQL Injection / Cross-Site Scripting"
[I] si-contact-form
[M] EDB-ID: 36050 "WordPress Plugin Fast Secure Contact Form 3.0.3.1 - 'index.php' Cross-Site Scripting"
[I] simple-ads-manager
[M] EDB-ID: 36613 "WordPress Plugin Simple Ads Manager - Multiple SQL Injections"
[M] EDB-ID: 36614 "WordPress Plugin Simple Ads Manager 2.5.94 - Arbitrary File Upload"
[M] EDB-ID: 36615 "WordPress Plugin Simple Ads Manager - Information Disclosure"
[M] EDB-ID: 39133 "WordPress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection"
[I] simple-download-button-shortcode
[M] EDB-ID: 19020 "WordPress Plugin Simple Download Button ShortCode 1.0 - Remote File Disclosure"
[I] simple-fields
[M] EDB-ID: 44425 "WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code Execution"
[I] simple-forum
[I] site-editor
[M] EDB-ID: 44340 "Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion"
[I] site-import
[M] EDB-ID: 39558 "WordPress Plugin Site Import 1.0.1 - Local/Remote File Inclusion"
[I] skysa-official
[M] EDB-ID: 36363 "WordPress Plugin Skysa App Bar - 'idnews' Cross-Site Scripting"
[I] slider-image
[M] EDB-ID: 37361 "WordPress Plugin Huge-IT Slider 2.7.5 - Multiple Vulnerabilities"
[I] slideshow-gallery-2
[M] EDB-ID: 36631 "WordPress Plugin Slideshow Gallery 1.1.x - 'border' Cross-Site Scripting"
[I] slideshow-jquery-image-gallery
[M] EDB-ID: 37948 "WordPress Plugin Slideshow - Multiple Cross-Site Scripting Vulnerabilities"
[I] smart-flv
[M] EDB-ID: 38331 "WordPress Plugin Smart Flv - 'jwplayer.swf' Multiple Cross-Site Scripting Vulnerabilities"
[I] smart-google-code-inserter
[I] sniplets
[M] EDB-ID: 5194 "Wansview 1.0.2 - Denial of Service (PoC)"
[I] social-discussions
[M] EDB-ID: 22158 "WordPress Plugin social discussions 6.1.1 - Multiple Vulnerabilities"
[I] social-slider-2
[M] EDB-ID: 17617 "WordPress Plugin Social Slider 5.6.5 - SQL Injection"
[I] socialfit
[M] EDB-ID: 37481 "WordPress Plugin SocialFit - 'msg' Cross-Site Scripting"
[I] sodahead-polls
[I] sp-client-document-manager
[M] EDB-ID: 35313 "WordPress Plugin SP Client Document Manager 2.4.1 - SQL Injection"
[M] EDB-ID: 36576 "WordPress Plugin SP Project & Document Manager 2.5.3 - Blind SQL Injection"
[I] spicy-blogroll
[M] EDB-ID: 26804 "WordPress Plugin Spicy Blogroll - Local File Inclusion"
[I] spider-event-calendar
[M] EDB-ID: 25723 "WordPress Plugin Spider Event Calendar 1.3.0 - Multiple Vulnerabilities"
[I] spiffy
[M] EDB-ID: 38441 "WordPress Plugin Spiffy XSPF Player - 'playlist_id' SQL Injection"
[I] st_newsletter
[M] EDB-ID: 31096 "WordPress Plugin ShiftThis NewsLetter - SQL Injection"
[M] EDB-ID: 6777 "Free Download Manager 2.5 Build 758 - Remote Control Server Buffer Overflow (Metasploit)"
[I] store-locator-le
[M] EDB-ID: 18989 "WordPress Plugin Google Maps via Store Locator 2.7.1 < 3.0.1 - Multiple Vulnerabilities"
[I] taggator
[I] taggedalbums
[M] EDB-ID: 38023 "WordPress Plugin Tagged Albums - 'id' SQL Injection"
[I] tagninja
[M] EDB-ID: 35300 "WordPress Plugin TagNinja 1.0 - 'id' Cross-Site Scripting"
[I] tera-charts
[M] EDB-ID: 39256 "WordPress Plugin Tera Charts (tera-charts) - '/charts/treemap.php?fn' Directory Traversal"
[M] EDB-ID: 39257 "WordPress Plugin Tera Charts (tera-charts) - '/charts/zoomabletreemap.php?fn' Directory Traversal"
[I] the-welcomizer
[M] EDB-ID: 36445 "WordPress Plugin The Welcomizer 1.3.9.4 - 'twiz-index.php' Cross-Site Scripting"
[I] thecartpress
[M] EDB-ID: 17860 "WordPress Plugin TheCartPress 1.1.1 - Remote File Inclusion"
[M] EDB-ID: 36481 "WordPress Plugin TheCartPress 1.6 - 'OptionsPostsList.php' Cross-Site Scripting"
[M] EDB-ID: 38869 "WordPress Plugin TheCartPress 1.4.7 - Multiple Vulnerabilities"
[I] thinkun-remind
[M] EDB-ID: 19021 "WordPress Plugin Thinkun Remind 1.1.3 - Remote File Disclosure"
[I] tinymce-thumbnail-gallery
[M] EDB-ID: 19022 "WordPress Plugin TinyMCE Thumbnail Gallery 1.0.7 - Remote File Disclosure"
[I] topquark
[M] EDB-ID: 19053 "WordPress Plugin Top Quark Architecture 2.10 - Arbitrary File Upload"
[I] track-that-stat
[M] EDB-ID: 37204 "WordPress Plugin Track That Stat 1.0.8 - Cross-Site Scripting"
[I] trafficanalyzer
[M] EDB-ID: 38439 "WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting"
[I] tune-library
[M] EDB-ID: 17816 "WordPress Plugin Tune Library 2.17 - SQL Injection"
[I] ucan-post
[M] EDB-ID: 18390 "WordPress Plugin ucan post 1.0.09 - Persistent Cross-Site Scripting"
[I] ultimate-product-catalogue
[M] EDB-ID: 36823 "WordPress Plugin Ultimate Product Catalogue - SQL Injection (1)"
[M] EDB-ID: 36824 "WordPress Plugin Ultimate Product Catalogue - SQL Injection (2)"
[M] EDB-ID: 36907 "WordPress Plugin Ultimate Product Catalogue 3.1.2 - Multiple Persistent Cross-Site Scripting / Cross-Site Request Forgery / Arbitrary File Upload Vulnerabilities"
[M] EDB-ID: 39974 "WordPress Plugin Ultimate Product Catalog 3.8.1 - Privilege Escalation"
[M] EDB-ID: 40012 "WordPress Plugin Ultimate Product Catalog 3.8.6 - Arbitrary File Upload"
[M] EDB-ID: 40174 "WordPress Plugin Ultimate Product Catalog 3.9.8 - do_shortcode via ajax Blind SQL Injection"
[I] ungallery
[M] EDB-ID: 17704 "WordPress Plugin UnGallery 1.5.8 - Local File Disclosure"
[I] uploader
[M] EDB-ID: 35255 "WordPress Plugin Uploader 1.0 - 'num' Cross-Site Scripting"
[M] EDB-ID: 38163 "WordPress Plugin Uploader - Arbitrary File Upload"
[M] EDB-ID: 38355 "WordPress Plugin Uploader - 'blog' Cross-Site Scripting"
[I] uploadify-integration
[M] EDB-ID: 37070 "WordPress Plugin Uploadify Integration 0.9.6 - Multiple Cross-Site Scripting Vulnerabilities"
[I] uploads
[I] upm-polls
[M] EDB-ID: 17627 "WordPress Plugin UPM Polls 1.0.3 - SQL Injection"
[I] user-avatar
[I] user-meta
[M] EDB-ID: 19052 "WordPress Plugin User Meta 1.1.1 - Arbitrary File Upload"
[I] userpro
[M] EDB-ID: 46083 "Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation"
[M] EDB-ID: 47304 "WordPress Plugin UserPro 4.9.32 - Cross-Site Scripting"
[I] users-ultra
[I] verve-meta-boxes
[I] videowhisper-live-streaming-integration
[M] EDB-ID: 31986 "WordPress Plugin VideoWhisper 4.27.3 - Multiple Vulnerabilities"
[I] videowhisper-video-conference-integration
[M] EDB-ID: 36617 "WordPress Plugin VideoWhisper Video Presentation 3.31.17 - Arbitrary File Upload"
[M] EDB-ID: 36618 "WordPress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload"
[I] videowhisper-video-presentation
[M] EDB-ID: 17771 "WordPress Plugin VideoWhisper Video Presentation 1.1 - SQL Injection"
[M] EDB-ID: 37357 "WordPress Plugin VideoWhisper Video Presentation 3.17 - 'vw_upload.php' Arbitrary File Upload"
[I] vk-gallery
[I] vodpod-video-gallery
[M] EDB-ID: 34976 "WordPress Plugin Vodpod Video Gallery 3.1.5 - 'vodpod_gallery_thumbs.php' Cross-Site Scripting"
[I] wassup
[I] webinar_plugin
[M] EDB-ID: 22300 "WordPress Plugin Easy Webinar - Blind SQL Injection"
[I] webplayer
[I] website-contact-form-with-file-upload
[M] EDB-ID: 36952 "WordPress Plugin N-Media Website Contact Form with File Upload 1.5 - Local File Inclusion"
[I] website-faq
[M] EDB-ID: 19400 "WordPress Plugin Website FAQ 1.0 - SQL Injection"
[I] wechat-broadcast
[M] EDB-ID: 45438 "WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion"
[I] woocommerce
[M] EDB-ID: 43196 "WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal"
[I] woopra
[M] EDB-ID: 38783 "WordPress Plugin Woopra Analytics - 'ofc_upload_image.php' Arbitrary PHP Code Execution"
[I] wordpress-donation-plugin-with-goals-and-paypal-ipn-by-nonprofitcmsorg
[M] EDB-ID: 17763 "Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference"
[I] wordpress-member-private-conversation
[M] EDB-ID: 37353 "WordPress Plugin Nmedia WordPress Member Conversation 1.35.0 - 'doupload.php' Arbitrary File Upload"
[I] wordpress-processing-embed
[M] EDB-ID: 35066 "WordPress Plugin Processing Embed 0.5 - 'pluginurl' Cross-Site Scripting"
[I] wordtube
[M] EDB-ID: 3825 "GoodiWare GoodReader iPhone - '.XLS' Denial of Service"
[I] work-the-flow-file-upload
14453[M] EDB-ID: 36640 "WordPress Plugin Work The Flow File Upload 2.5.2 - Arbitrary File Upload"
14454[I] wp-adserve
14455[I] wp-audio-gallery-playlist
14456[M] EDB-ID: 17756 "WordPress Plugin Audio Gallery Playlist 0.12 - SQL Injection"
14457[I] wp-automatic
14458[M] EDB-ID: 19187 "WordPress Plugin Automatic 2.0.3 - SQL Injection"
14459[I] wp-autosuggest
14460[M] EDB-ID: 45977 "WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection"
14461[I] wp-autoyoutube
14462[M] EDB-ID: 18353 "WordPress Plugin wp-autoyoutube - Blind SQL Injection"
14463[I] wp-bannerize
14464[M] EDB-ID: 17764 "WordPress Plugin Bannerize 2.8.6 - SQL Injection"
14465[M] EDB-ID: 17906 "WordPress Plugin Bannerize 2.8.7 - SQL Injection"
14466[M] EDB-ID: 36193 "WordPress Plugin WP Bannerize 2.8.7 - 'ajax_sorter.php' SQL Injection"
14467[I] wp-banners-lite
14468[M] EDB-ID: 38410 "WordPress Plugin Banners Lite - 'wpbanners_show.php' HTML Injection"
14469[I] wp-booking-calendar
14470[M] EDB-ID: 44769 "Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting"
14471[I] wp-business-intelligence
14472[M] EDB-ID: 36600 "WordPress Plugin Business Intelligence - SQL Injection (Metasploit)"
14473[I] wp-business-intelligence-lite
14474[I] wp-cal
14475[M] EDB-ID: 4992 "Sun xVM VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (Denial of Service) (PoC)"
14476[I] wp-comment-remix
14477[I] wp-content
14478[M] EDB-ID: 37123 "WordPress Plugin WPsc MijnPress - 'rwflush' Cross-Site Scripting"
14479[I] wp-copysafe-pdf
14480[M] EDB-ID: 39254 "WordPress Plugin CopySafe PDF Protection - Arbitrary File Upload"
14481[I] wp-cumulus
14482[M] EDB-ID: 10228 "WordPress Plugin WP-Cumulus 1.20 - Full Path Disclosure / Cross-Site Scripting"
[M] EDB-ID: 33371 "WordPress Plugin WP-Cumulus 1.x - 'tagcloud.swf' Cross-Site Scripting"
[I] wp-custom-pages
[M] EDB-ID: 17119 "WordPress Plugin Custom Pages 0.5.0.1 - Local File Inclusion"
[I] wp-ds-faq
[M] EDB-ID: 17683 "WordPress Plugin DS FAQ 1.3.2 - SQL Injection"
[I] wp-e-commerce
[M] EDB-ID: 36018 "WordPress Plugin WP E-Commerce 3.8.6 - 'cart_messages[]' Cross-Site Scripting"
[I] wp-easycart
[M] EDB-ID: 35730 "WordPress Plugin Shopping Cart 3.0.4 - Unrestricted Arbitrary File Upload"
[I] wp-ecommerce-shop-styling
[M] EDB-ID: 37530 "WordPress Plugin WP E-Commerce Shop Styling 2.5 - Arbitrary File Download"
[I] wp-events-calendar
[M] EDB-ID: 44785 "WordPress Plugin Events Calendar - SQL Injection"
[I] wp-featured-post-with-thumbnail
[M] EDB-ID: 35262 "WordPress Plugin WP Featured Post with Thumbnail 3.0 - 'src' Cross-Site Scripting"
[I] wp-filebase
[M] EDB-ID: 17808 "WordPress Plugin WP-Filebase Download Manager 0.2.9 - SQL Injection"
[I] wp-filemanager
[M] EDB-ID: 25440 "WordPress Plugin wp-FileManager - Arbitrary File Download"
[M] EDB-ID: 38515 "WordPress Plugin wp-FileManager - 'path' Arbitrary File Download"
[M] EDB-ID: 4844 "STDU Explorer 1.0.201 - 'dwmapi.dll' DLL Loading Arbitrary Code Execution"
[I] wp-footnotes
[M] EDB-ID: 31092 "WordPress Plugin WP-Footnotes 2.2 - Multiple Remote Vulnerabilities"
[I] wp-forum
[M] EDB-ID: 7738 "WordPress Plugin WP-Forum 1.7.8 - SQL Injection"
[I] wp-glossary
[M] EDB-ID: 18055 "WordPress Plugin Glossary - SQL Injection"
[I] wp-google-drive
[M] EDB-ID: 44435 "WordPress Plugin Google Drive 2.2 - Remote Code Execution"
[I] wp-gpx-maps
[M] EDB-ID: 19050 "WordPress Plugin wp-gpx-map 1.1.21 - Arbitrary File Upload"
[I] wp-imagezoom
[M] EDB-ID: 37243 "WordPress Plugin Wp-ImageZoom 1.1.0 - Multiple Vulnerabilities"
[M] EDB-ID: 37419 "WordPress Plugin Wp-ImageZoom - 'file' Remote File Disclosure"
[M] EDB-ID: 38063 "WordPress Theme Wp-ImageZoom - 'id' SQL Injection"
[I] wp-livephp
[M] EDB-ID: 36483 "WordPress Plugin WP Live.php 1.2.1 - 's' Cross-Site Scripting"
[I] wp-lytebox
[I] wp-marketplace
[I] wp-menu-creator
[M] EDB-ID: 17689 "WordPress Plugin Menu Creator 1.1.7 - SQL Injection"
[I] wp-mobile-detector
[M] EDB-ID: 39891 "WordPress Plugin WP Mobile Detector 3.5 - Arbitrary File Upload"
[I] wp-people
[M] EDB-ID: 31230 "WordPress Plugin wp-people 2.0 - 'wp-people-popup.php' SQL Injection"
[I] wp-polls
[M] EDB-ID: 10256 "WordPress Plugin WP-Polls 2.x - Incorrect Flood Filter"
[I] wp-property
[M] EDB-ID: 18987 "WordPress Plugin WP-Property 1.35.0 - Arbitrary File Upload"
[I] wp-publication-archive
[M] EDB-ID: 35263 "WordPress Plugin WP Publication Archive 2.0.1 - 'file' Information Disclosure"
[I] wp-realty
[M] EDB-ID: 29021 "WordPress Plugin Realty - Blind SQL Injection"
[M] EDB-ID: 38808 "WordPress Plugin WP-Realty - 'listing_id' SQL Injection"
[M] EDB-ID: 39109 "WordPress Plugin Relevanssi - 'category_name' SQL Injection"
[I] wp-responsive-thumbnail-slider
[M] EDB-ID: 45099 "WordPress Plugin Responsive Thumbnail Slider - Arbitrary File Upload (Metasploit)"
[I] wp-safe-search
[M] EDB-ID: 35067 "WordPress Plugin Safe Search - 'v1' Cross-Site Scripting"
[I] wp-shopping-cart
[M] EDB-ID: 6867 "Huawei eSpace 1.1.11.103 - Image File Format Handling Buffer Overflow"
[I] wp-source-control
[M] EDB-ID: 39287 "WordPress Plugin WP Content Source Control - 'download.php' Directory Traversal"
[I] wp-spamfree
[M] EDB-ID: 17970 "WordPress Plugin WP-SpamFree Spam Plugin - SQL Injection"
[I] wp-starsratebox
[M] EDB-ID: 35634 "WordPress Plugin WP-StarsRateBox 1.1 - 'j' SQL Injection"
[I] wp-stats-dashboard
[I] wp-support-plus-responsive-ticket-system
[M] EDB-ID: 34589 "SCO UnixWare < 7.1.4 p534589 - 'pkgadd' Local Privilege Escalation"
[I] wp-survey-and-quiz-tool
[M] EDB-ID: 34974 "WordPress Plugin WP Survey And Quiz Tool 1.2.1 - Cross-Site Scripting"
[I] wp-swimteam
[M] EDB-ID: 37601 "WordPress Plugin Swim Team 1.44.10777 - Arbitrary File Download"
[I] wp-symposium
[M] EDB-ID: 17679 "WordPress Plugin Symposium 0.64 - SQL Injection"
[M] EDB-ID: 35505 "WordPress Plugin Symposium 14.10 - SQL Injection"
[M] EDB-ID: 35543 "WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload"
[M] EDB-ID: 37822 "WordPress Plugin WP Symposium 15.1 - Blind SQL Injection"
[M] EDB-ID: 37824 "WordPress Plugin WP Symposium 15.1 - 'get_album_item.php' SQL Injection"
[I] wp-syntax
[M] EDB-ID: 9431 "Adobe Photoshop CC / Bridge CC - '.iff' Parsing Memory Corruption"
[I] wp-table
[M] EDB-ID: 3824 "Office^2 iPhone - '.XLS' Denial of Service"
[I] wp-table-reloaded
[M] EDB-ID: 38251 "WordPress Plugin WP-Table Reloaded - 'id' Cross-Site Scripting"
[I] wp-twitter-feed
[M] EDB-ID: 35084 "WordPress Plugin Twitter Feed - 'url' Cross-Site Scripting"
[I] wp-whois
[M] EDB-ID: 36488 "WordPress Plugin WHOIS 1.4.2 3 - 'domain' Cross-Site Scripting"
[I] wp-with-spritz
[M] EDB-ID: 44544 "WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion"
[I] wpSS
[M] EDB-ID: 39279 "WordPress Plugin wpSS - 'ss_handler.php' SQL Injection"
[M] EDB-ID: 5486 "PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Plaintext Data Memory Leak Denial of Service"
[I] wp_rokintroscroller
[M] EDB-ID: 38767 "WordPress Plugin RokIntroScroller - 'thumb.php' Multiple Vulnerabilities"
[I] wp_rokmicronews
[M] EDB-ID: 38768 "WordPress Plugin RokMicroNews - 'thumb.php' Multiple Vulnerabilities"
[I] wp_roknewspager
[M] EDB-ID: 38756 "WordPress Plugin RokNewsPager - 'thumb.php' Multiple Vulnerabilities"
[I] wp_rokstories
[M] EDB-ID: 38757 "WordPress Plugin RokStories - 'thumb.php' Multiple Vulnerabilities"
[I] wpeasystats
[M] EDB-ID: 17862 "WordPress Plugin WPEasyStats 1.8 - Remote File Inclusion"
[I] wpforum
[M] EDB-ID: 17684 "WordPress Plugin Forum 1.7.8 - SQL Injection"
[I] wpmarketplace
[M] EDB-ID: 18988 "WordPress Plugin Marketplace Plugin 1.5.0 < 1.6.1 - Arbitrary File Upload"
[I] wpsite-background-takeover
[M] EDB-ID: 44417 "WordPress Plugin Background Takeover < 4.1.4 - Directory Traversal"
[I] wpstorecart
[M] EDB-ID: 19023 "ActivePDF Toolkit < 8.1.0.19023 - Multiple Memory Corruptions"
[I] wptf-image-gallery
[M] EDB-ID: 37751 "WordPress Plugin WPTF Image Gallery 1.03 - Arbitrary File Download"
[I] wptouch
[M] EDB-ID: 18039 "WordPress Plugin wptouch - SQL Injection"
[I] x7host-videox7-ugc-plugin
[M] EDB-ID: 35257 "WordPress Plugin Videox7 UGC 2.5.3.2 - 'listid' Cross-Site Scripting"
[M] EDB-ID: 35264 "WordPress Plugin Featured Content 0.0.1 - 'listid' Cross-Site Scripting"
[I] xcloner-backup-and-restore
[M] EDB-ID: 16246 "Joomla! Component com_xcloner-backupandrestore - Remote Command Execution"
[I] xerte-online
[M] EDB-ID: 38157 "WordPress Plugin Xerte Online - 'save.php' Arbitrary File Upload"
[I] xml-and-csv-import-in-article-content
[M] EDB-ID: 39576 "WordPress Plugin Import CSV 1.0 - Directory Traversal"
[I] xorbin-analog-flash-clock
[M] EDB-ID: 38608 "WordPress Plugin Xorbin Analog Flash Clock - 'widgetUrl' Cross-Site Scripting"
[I] xorbin-digital-flash-clock
[M] EDB-ID: 38621 "WordPress Plugin Xorbin Digital Flash Clock - 'widgetUrl' Cross-Site Scripting"
[I] yolink-search
[M] EDB-ID: 17757 "WordPress Plugin yolink Search 1.1.4 - SQL Injection"
[I] yousaytoo-auto-publishing-plugin
[M] EDB-ID: 36620 "WordPress Plugin YouSayToo auto-publishing 1.0 - 'submit' Cross-Site Scripting"
[I] yt-audio-streaming-audio-from-youtube
[M] EDB-ID: 35394 "WordPress Plugin YT-Audio 1.7 - 'v' Cross-Site Scripting"
[I] zarzadzanie_kontem
[M] EDB-ID: 38050 "WordPress Plugin Zarzadzonie Kontem - 'ajaxfilemanager.php' Script Arbitrary File Upload"
[I] zingiri-forum
[M] EDB-ID: 38101 "WordPress Plugin Zingiri Forums - 'language' Local File Inclusion"
[I] zingiri-web-shop
[M] EDB-ID: 17867 "WordPress Plugin Zingiri Web Shop 2.2.0 - Remote File Inclusion"
[M] EDB-ID: 37406 "WordPress Plugin Zingiri Web Shop 2.4.3 - 'uploadfilexd.php' Arbitrary File Upload"
[M] EDB-ID: 38046 "WordPress Plugin Zingiri Web Shop - 'path' Arbitrary File Upload"
[I] zotpress
[M] EDB-ID: 17778 "WordPress Plugin Zotpress 4.4 - SQL Injection"
[I] Checking for Directory Listing Enabled ...
[L] https://www.udi.cl/wp-admin/css
[L] https://www.udi.cl/wp-admin/images
[L] https://www.udi.cl/wp-admin/includes
[L] https://www.udi.cl/wp-admin/js
[L] https://www.udi.cl/wp-admin/maint
[L] https://www.udi.cl/wp-content
[L] https://www.udi.cl/wp-includes
[L] https://www.udi.cl/wp-includes/ID3
[L] https://www.udi.cl/wp-includes/IXR
[L] https://www.udi.cl/wp-includes/Requests
[L] https://www.udi.cl/wp-includes/SimplePie
[L] https://www.udi.cl/wp-includes/Text
[L] https://www.udi.cl/wp-includes/blocks
[L] https://www.udi.cl/wp-includes/certificates
[L] https://www.udi.cl/wp-includes/css
[L] https://www.udi.cl/wp-includes/customize
[L] https://www.udi.cl/wp-includes/fonts
[L] https://www.udi.cl/wp-includes/images
[L] https://www.udi.cl/wp-includes/js
[L] https://www.udi.cl/wp-includes/pomo
[L] https://www.udi.cl/wp-includes/random_compat
[L] https://www.udi.cl/wp-includes/rest-api
[L] https://www.udi.cl/wp-includes/sodium_compat
[L] https://www.udi.cl/wp-includes/theme-compat
[L] https://www.udi.cl/wp-includes/widgets
[-] Date & Time: 13/11/2019 01:24:46
[-] Completed in: 1:18:22
#######################################################################################################################################
Anonymous JTSEC #OpChili Full Recon #6