· 5 years ago · Mar 12, 2020, 02:46 PM
####################################################################################################################################
====================================================================================================================================
Hostname www.paltahass.cl ISP GoDaddy.com, LLC
Continent North America Flag
US
Country United States Country Code US
Region Arizona Local time 12 Mar 2020 05:03 MST
City Scottsdale Postal Code 85260
IP Address 107.180.28.114 Latitude 33.601
 Longitude -111.887
====================================================================================================================================
####################################################################################################################################
> www.paltahass.cl
Server: 10.101.0.243
Address: 10.101.0.243#53

Non-authoritative answer:
www.paltahass.cl canonical name = paltahass.cl.
Name: paltahass.cl
Address: 107.180.28.114
>
####################################################################################################################################
Domain name: paltahass.cl
Registrant name: Comite de Paltas Hass de Chile A G
Registrant organisation:
Registrar name: Hosting Concepts B.V. d/b/a Registrar.eu
Registrar URL: https://www.openprovider.es
Creation date: 2005-04-08 20:16:33 CLST
Expiration date: 2020-05-06 17:16:03 CLST
Name server: ns43.domaincontrol.com
Name server: ns44.domaincontrol.com
####################################################################################################################################
[+] Target : www.paltahass.cl

[+] IP Address : 107.180.28.114

[+] Headers :

[+] Date : Thu, 12 Mar 2020 12:35:08 GMT
[+] Server : Apache
[+] Vary : User-Agent,Accept-Encoding
[+] Upgrade : h2,h2c
[+] Connection : Upgrade, Keep-Alive
[+] Last-Modified : Thu, 12 Mar 2020 09:05:21 GMT
[+] Accept-Ranges : bytes
[+] Content-Encoding : gzip
[+] Cache-Control : max-age=0, no-cache, no-store, must-revalidate
[+] Pragma : no-cache
[+] Expires : Mon, 29 Oct 1923 20:30:00 GMT
[+] Content-Length : 18909
[+] Keep-Alive : timeout=5
[+] Content-Type : text/html; charset=UTF-8

[+] SSL Certificate Information :

[+] organizationalUnitName : Domain Control Validated
[+] commonName : *.prod.iad2.secureserver.net
[+] countryName : US
[+] stateOrProvinceName : Arizona
[+] localityName : Scottsdale
[+] organizationName : Starfield Technologies, Inc.
[+] organizationalUnitName : http://certs.starfieldtech.com/repository/
[+] commonName : Starfield Secure Certificate Authority - G2
[+] Version : 3
[+] Serial Number : DEFC0669A4E2EEF1
[+] Not Before : Jan 14 17:52:33 2020 GMT
[+] Not After : Jan 14 17:52:33 2022 GMT
[+] OCSP : ('http://ocsp.starfieldtech.com/',)
[+] subject Alt Name : (('DNS', '*.prod.iad2.secureserver.net'), ('DNS', 'prod.iad2.secureserver.net'))
[+] CA Issuers : ('http://certificates.starfieldtech.com/repository/sfig2.crt',)
[+] CRL Distribution Points : ('http://crl.starfieldtech.com/sfig2s1-169.crl',)

[+] Whois Lookup :

[+] NIR : None
[+] ASN Registry : arin
[+] ASN : 26496
[+] ASN CIDR : 107.180.0.0/18
[+] ASN Country Code : US
[+] ASN Date : 2014-02-11
[+] ASN Description : AS-26496-GO-DADDY-COM-LLC, US
[+] cidr : 107.180.0.0/17
[+] name : GO-DADDY-COM-LLC
[+] handle : NET-107-180-0-0-1
[+] range : 107.180.0.0 - 107.180.127.255
[+] description : GoDaddy.com, LLC
[+] country : US
[+] state : AZ
[+] city : Scottsdale
[+] address : 14455 N Hayden Road
Suite 226
[+] postal_code : 85260
[+] emails : ['abuse@godaddy.com', 'noc@godaddy.com']
[+] created : 2014-02-11
[+] updated : 2014-02-25

[+] Crawling Target...

[+] Looking for robots.txt........[ Found ]
[+] Extracting robots Links.......[ 2 ]
[+] Looking for sitemap.xml.......[ Not Found ]
[+] Extracting CSS Links..........[ 5 ]
[+] Extracting Javascript Links...[ 22 ]
[+] Extracting Internal Links.....[ 18 ]
[+] Extracting External Links.....[ 3 ]
[+] Extracting Images.............[ 38 ]

[+] Total Links Extracted : 88

[+] Dumping Links in /opt/FinalRecon/dumps/www.paltahass.cl.dump
[+] Completed!
####################################################################################################################################
[i] Scanning Site: http://www.paltahass.cl



B A S I C I N F O
====================


[+] Site Title: Palta Hass Chile | Comité de Paltas de Chile
[+] IP address: 107.180.28.114
[+] Web Server: Apache
[+] CMS: WordPress
[+] Cloudflare: Not Detected
[+] Robots File: Found

-------------[ contents ]----------------
User-agent: *
Disallow: /wp-admin/
Allow: /wp-admin/admin-ajax.php

-----------[end of contents]-------------



W H O I S L O O K U P
========================

%%
%% This is the NIC Chile Whois server (whois.nic.cl).
%%
%% Rights restricted by copyright.
%% See https://www.nic.cl/normativa/politica-publicacion-de-datos-cl.pdf
%%

Domain name: paltahass.cl
Registrant name: Comite de Paltas Hass de Chile A G
Registrant organisation:
Registrar name: Hosting Concepts B.V. d/b/a Registrar.eu
Registrar URL: https://www.openprovider.es
Creation date: 2005-04-08 20:16:33 CLST
Expiration date: 2020-05-06 17:16:03 CLST
Name server: ns43.domaincontrol.com
Name server: ns44.domaincontrol.com

%%
%% For communication with domain contacts please use website.
%% See https://www.nic.cl/registry/Whois.do?d=paltahass.cl
%%




G E O I P L O O K U P
=========================

[i] IP Address: 107.180.28.114
[i] Country: United States
[i] State: Arizona
[i] City: Scottsdale
[i] Latitude: 33.6013
[i] Longitude: -111.8867




H T T P H E A D E R S
=======================


[i] HTTP/1.1 200 OK
[i] Date: Thu, 12 Mar 2020 12:35:30 GMT
[i] Server: Apache
[i] Upgrade: h2,h2c
[i] Connection: Upgrade, close
[i] Last-Modified: Thu, 12 Mar 2020 09:05:21 GMT
[i] Accept-Ranges: bytes
[i] Content-Length: 91746
[i] Vary: Accept-Encoding,User-Agent
[i] Cache-Control: max-age=0, no-cache, no-store, must-revalidate
[i] Pragma: no-cache
[i] Expires: Mon, 29 Oct 1923 20:30:00 GMT
[i] Content-Type: text/html; charset=UTF-8




D N S L O O K U P
===================

paltahass.cl. 10799 IN A 107.180.28.114
paltahass.cl. 3599 IN NS ns43.domaincontrol.com.
paltahass.cl. 3599 IN NS ns44.domaincontrol.com.
paltahass.cl. 3599 IN SOA ns43.domaincontrol.com. dns.jomax.net. 2020030601 28800 7200 604800 600
paltahass.cl. 3599 IN MX 5 alt1.aspmx.l.google.com.
paltahass.cl. 3599 IN MX 5 alt2.aspmx.l.google.com.
paltahass.cl. 3599 IN MX 1 aspmx.l.google.com.
paltahass.cl. 3599 IN MX 10 aspmx2.googlemail.com.
paltahass.cl. 3599 IN MX 10 aspmx3.googlemail.com.
paltahass.cl. 3599 IN TXT "v=spf1 include:_spf.google.com ~all"




S U B N E T C A L C U L A T I O N
====================================

Address = 107.180.28.114
Network = 107.180.28.114 / 32
Netmask = 255.255.255.255
Broadcast = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits = 0
Max. Hosts = 1 (2^0 - 0)
Host Range = { 107.180.28.114 - 107.180.28.114 }



N M A P P O R T S C A N
============================

Starting Nmap 7.70 ( https://nmap.org ) at 2020-03-12 12:35 UTC
Nmap scan report for paltahass.cl (107.180.28.114)
Host is up (0.0074s latency).
rDNS record for 107.180.28.114: ip-107-180-28-114.ip.secureserver.net

PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
443/tcp open https

Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds



S U B - D O M A I N F I N D E R
==================================


[i] Total Subdomains Found : 1

[+] Subdomain: prueba.paltahass.cl
[-] IP: 107.180.28.114
####################################################################################################################################
[+] Starting At 2020-03-12 08:36:48.212170
[+] Collecting Information On: http://www.paltahass.cl/
[#] Status: 200
--------------------------------------------------
[#] Web Server Detected: Apache
[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
- Date: Thu, 12 Mar 2020 12:36:45 GMT
- Server: Apache
- Vary: User-Agent,Accept-Encoding
- Upgrade: h2,h2c
- Connection: Upgrade, Keep-Alive
- Last-Modified: Thu, 12 Mar 2020 09:05:21 GMT
- Accept-Ranges: bytes
- Content-Encoding: gzip
- Cache-Control: max-age=0, no-cache, no-store, must-revalidate
- Pragma: no-cache
- Expires: Mon, 29 Oct 1923 20:30:00 GMT
- Content-Length: 18909
- Keep-Alive: timeout=5
- Content-Type: text/html; charset=UTF-8
--------------------------------------------------
[#] Finding Location..!
[#] status: success
[#] country: United States
[#] countryCode: US
[#] region: AZ
[#] regionName: Arizona
[#] city: Scottsdale
[#] zip: 85260
[#] lat: 33.6173
[#] lon: -111.905
[#] timezone: America/Phoenix
[#] isp: GoDaddy.com, LLC
[#] org: GoDaddy.com, LLC
[#] as: AS26496 GoDaddy.com, LLC
[#] query: 107.180.28.114
--------------------------------------------------
[x] Didn't Detect WAF Presence on: http://www.paltahass.cl/
--------------------------------------------------
[#] Starting Reverse DNS
[!] Found 22 any Domain
--------------------------------------------------
[!] Scanning Open Port
[#] 21/tcp open ftp
[#] 22/tcp open ssh
[#] 25/tcp open smtp
[#] 80/tcp open http
[#] 110/tcp open pop3
[#] 143/tcp open imap
[#] 443/tcp open https
[#] 465/tcp open smtps
[#] 587/tcp open submission
[#] 993/tcp open imaps
[#] 995/tcp open pop3s
[#] 3306/tcp open mysql
--------------------------------------------------
[+] Getting SSL Info
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1076)
--------------------------------------------------
[+] Collecting Information Disclosure!
[#] Detecting sitemap.xml file
[-] sitemap.xml file not Found!?
[#] Detecting robots.txt file
[!] robots.txt File Found: http://www.paltahass.cl//robots.txt
[#] Detecting GNU Mailman
[!] GNU Mailman App Detected: http://www.paltahass.cl//mailman/admin
[!] version: 2.1.27
--------------------------------------------------
[+] Crawling Url Parameter On: http://www.paltahass.cl/
--------------------------------------------------
[#] Searching Html Form !
[+] Html Form Discovered
[#] action: http://www.paltahass.cl/
[#] class: ['et-search-form']
[#] id: None
[#] method: get
--------------------------------------------------
[!] Found 1 dom parameter
[#] http://www.paltahass.cl/wp-json/oembed/1.0/embed?url=http%3A%2F%2Fwww.paltahass.cl%2F&format=xml
--------------------------------------------------
[!] 4 Internal Dynamic Parameter Discovered
[+] http://www.paltahass.cl////www.paltahass.cl/wp-content/plugins/smart-slider-3/library/media/smartslider.min.css?1559051762
[+] http://www.paltahass.cl/xmlrpc.php?rsd
[+] http://www.paltahass.cl/wp-json/oembed/1.0/embed?url=http%3A%2F%2Fwww.paltahass.cl%2F
[+] http://www.paltahass.cl/wp-json/oembed/1.0/embed?url=http%3A%2F%2Fwww.paltahass.cl%2F&format=xml
--------------------------------------------------
[!] 1 External Dynamic Parameter Discovered
[#] https://fonts.googleapis.com/css?family=Montserrat
--------------------------------------------------
[!] 52 Internal links Discovered
--------------------------------------------------
[!] 1 External links Discovered
[#] https://www.youtube.com/channel/UC1WiMPOyeXFzaScy9D473pw/featured
--------------------------------------------------
[#] Mapping Subdomain..
[!] Found 2 Subdomain
- paltahass.cl
- prueba.paltahass.cl
--------------------------------------------------
[!] Done At 2020-03-12 08:37:27.584207
####################################################################################################################################
Trying "paltahass.cl"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13621
;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 8

;; QUESTION SECTION:
;paltahass.cl. IN ANY

;; ANSWER SECTION:
paltahass.cl. 3600 IN TXT "v=spf1 include:_spf.google.com ~all"
paltahass.cl. 3600 IN MX 10 aspmx3.googlemail.com.
paltahass.cl. 3600 IN MX 5 alt1.aspmx.l.google.com.
paltahass.cl. 3600 IN MX 10 aspmx2.googlemail.com.
paltahass.cl. 3600 IN MX 1 aspmx.l.google.com.
paltahass.cl. 3600 IN MX 5 alt2.aspmx.l.google.com.
paltahass.cl. 3600 IN SOA ns43.domaincontrol.com. dns.jomax.net. 2020030601 28800 7200 604800 600
paltahass.cl. 10800 IN A 107.180.28.114
paltahass.cl. 3600 IN NS ns44.domaincontrol.com.
paltahass.cl. 3600 IN NS ns43.domaincontrol.com.

;; ADDITIONAL SECTION:
alt1.aspmx.l.google.com. 179 IN A 64.233.186.26
alt2.aspmx.l.google.com. 179 IN A 172.253.116.26
aspmx.l.google.com. 110 IN A 74.125.192.27
ns43.domaincontrol.com. 19364 IN A 97.74.101.22
ns44.domaincontrol.com. 8462 IN A 173.201.69.22
alt1.aspmx.l.google.com. 180 IN AAAA 2800:3f0:4003:c00::1b
alt2.aspmx.l.google.com. 111 IN AAAA 2a00:1450:400b:c02::1b
aspmx.l.google.com. 179 IN AAAA 2607:f8b0:400d:c0c::1b

Received 492 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 68 ms
####################################################################################################################################

; <<>> DiG 9.11.16-2-Debian <<>> +trace paltahass.cl any
;; global options: +cmd
. 86400 IN NS a.root-servers.net.
. 86400 IN NS b.root-servers.net.
. 86400 IN NS c.root-servers.net.
. 86400 IN NS d.root-servers.net.
. 86400 IN NS e.root-servers.net.
. 86400 IN NS f.root-servers.net.
. 86400 IN NS g.root-servers.net.
. 86400 IN NS h.root-servers.net.
. 86400 IN NS i.root-servers.net.
. 86400 IN NS j.root-servers.net.
. 86400 IN NS k.root-servers.net.
. 86400 IN NS l.root-servers.net.
. 86400 IN NS m.root-servers.net.
;; Received 525 bytes from 10.101.0.243#53(10.101.0.243) in 382 ms

cl. 172800 IN NS a.nic.cl.
cl. 172800 IN NS b.nic.cl.
cl. 172800 IN NS c.nic.cl.
cl. 172800 IN NS cl1.dnsnode.net.
cl. 172800 IN NS cl-ns.anycast.pch.net.
cl. 172800 IN NS cl1-tld.d-zone.ca.
cl. 172800 IN NS cl2-tld.d-zone.ca.
cl. 86400 IN DS 21199 8 2 7D756DFFAB6D3CD9C786FF5C659954C22944FAEF9433EEE26F1D84EB 5370B394
;; Received 822 bytes from 2001:500:a8::e#53(e.root-servers.net) in 26 ms

paltahass.cl. 3600 IN NS ns43.domaincontrol.com.
paltahass.cl. 3600 IN NS ns44.domaincontrol.com.
;; Received 611 bytes from 2620:10a:80ab::56#53(cl2-tld.d-zone.ca) in 44 ms

;; communications error to 173.201.69.22#53: end of file
;; communications error to 173.201.69.22#53: end of file
####################################################################################################################################
[*] Performing General Enumeration of Domain: paltahass.cl
[-] DNSSEC is not configured for paltahass.cl
[*] SOA ns43.domaincontrol.com 97.74.101.22
[*] NS ns43.domaincontrol.com 97.74.101.22
[*] NS ns43.domaincontrol.com 2603:5:2152::16
[*] NS ns44.domaincontrol.com 173.201.69.22
[*] NS ns44.domaincontrol.com 2603:5:2252::16
[*] MX alt1.aspmx.l.google.com 209.85.233.27
[*] MX alt2.aspmx.l.google.com 172.253.118.26
[*] MX aspmx.l.google.com 108.177.15.26
[*] MX aspmx2.googlemail.com 209.85.233.26
[*] MX aspmx3.googlemail.com 172.253.118.26
[*] MX alt1.aspmx.l.google.com 2a00:1450:4010:c03::1b
[*] MX alt2.aspmx.l.google.com 2404:6800:4003:c05::1b
[*] MX aspmx.l.google.com 2a00:1450:400c:c02::1a
[*] MX aspmx2.googlemail.com 2a00:1450:4010:c03::1a
[*] MX aspmx3.googlemail.com 2404:6800:4003:c05::1b
[*] A paltahass.cl 107.180.28.114
[*] Enumerating SRV Records
[-] No SRV Records Found for paltahass.cl
[+] 0 Records Found
####################################################################################################################################
AVAILABLE PLUGINS
-----------------

OpenSslCipherSuitesPlugin
OpenSslCcsInjectionPlugin
SessionResumptionPlugin
SessionRenegotiationPlugin
CompressionPlugin
CertificateInfoPlugin
FallbackScsvPlugin
HttpHeadersPlugin
EarlyDataPlugin
HeartbleedPlugin
RobotPlugin



CHECKING HOST(S) AVAILABILITY
-----------------------------

107.180.28.114:443 => 107.180.28.114




SCAN RESULTS FOR 107.180.28.114:443 - 107.180.28.114
----------------------------------------------------

* Certificate Information:
Content
SHA1 Fingerprint: b028a254f0cefeaf1d20007e67d5ccbcb58c84c6
Common Name: *.prod.iad2.secureserver.net
Issuer: Starfield Secure Certificate Authority - G2
Serial Number: 16067724621358755569
Not Before: 2020-01-14 17:52:33
Not After: 2022-01-14 17:52:33
Signature Algorithm: sha256
Public Key Algorithm: RSA
Key Size: 2048
Exponent: 65537 (0x10001)
DNS Subject Alternative Names: ['*.prod.iad2.secureserver.net', 'prod.iad2.secureserver.net']

Trust
Hostname Validation: FAILED - Certificate does NOT match 107.180.28.114
Android CA Store (9.0.0_r9): OK - Certificate is trusted
Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
Java CA Store (jdk-12.0.1): OK - Certificate is trusted
Mozilla CA Store (2019-03-14): OK - Certificate is trusted
Windows CA Store (2019-05-27): OK - Certificate is trusted
Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
Received Chain: *.prod.iad2.secureserver.net --> Starfield Secure Certificate Authority - G2
Verified Chain: *.prod.iad2.secureserver.net --> Starfield Secure Certificate Authority - G2 --> Starfield Root Certificate Authority - G2
Received Chain Contains Anchor: OK - Anchor certificate not sent
Received Chain Order: OK - Order is valid
Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain

Extensions
OCSP Must-Staple: NOT SUPPORTED - Extension not found
Certificate Transparency: OK - 3 SCTs included

OCSP Stapling
OCSP Response Status: successful
Validation w/ Mozilla Store: OK - Response is trusted
Responder Id: C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, LLC", CN = Starfield Validation Authority - G2
Cert Status: good
Cert Serial Number: DEFC0669A4E2EEF1
This Update: Mar 12 05:57:49 2020 GMT
Next Update: Mar 13 17:57:49 2020 GMT

* OpenSSL Heartbleed:
OK - Not vulnerable to Heartbleed

* OpenSSL CCS Injection:
OK - Not vulnerable to OpenSSL CCS injection

* TLSV1_1 Cipher Suites:
Unhandled exception while running --tlsv1_1:
timeout - timed out

* TLS 1.2 Session Resumption Support:
With Session IDs: ERROR (0 successful, 0 failed, 5 errors, 5 total attempts).
ERROR #0: timeout - timed out
ERROR #1: timeout - timed out
ERROR #2: timeout - timed out
ERROR #3: timeout - timed out
ERROR #4: timeout - timed out
With TLS Tickets: ERROR: timeout - timed out

* ROBOT Attack:
Unhandled exception while running --robot:
timeout - timed out

* Session Renegotiation:
Unhandled exception while running --reneg:
timeout - timed out

* TLSV1_2 Cipher Suites:
Forward Secrecy OK - Supported
RC4 OK - Not Supported

Preferred:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
Accepted:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 200 OK
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits Timeout on HTTP GET
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Timeout on HTTP GET
Undefined - An unexpected error happened:

* TLSV1 Cipher Suites:
Server rejected all cipher suites.
Undefined - An unexpected error happened:
781 TLS_DHE_RSA_WITH_SEED_CBC_SHA timeout - timed out
782 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA timeout - timed out
783 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA timeout - timed out
784 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 timeout - timed out
785 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 timeout - timed out
786 TLS_DHE_RSA_WITH_AES_256_CBC_SHA timeout - timed out
787 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 timeout - timed out
788 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 timeout - timed out
789 TLS_DHE_RSA_WITH_AES_128_CBC_SHA timeout - timed out
790 TLS_DHE_DSS_WITH_SEED_CBC_SHA timeout - timed out
791 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA timeout - timed out
792 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA timeout - timed out
793 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 timeout - timed out
794 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 timeout - timed out
795 TLS_DHE_DSS_WITH_AES_256_CBC_SHA timeout - timed out
796 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 timeout - timed out
797 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 timeout - timed out
798 TLS_DHE_DSS_WITH_AES_128_CBC_SHA timeout - timed out
799
800 * Downgrade Attacks:
801 TLS_FALLBACK_SCSV: OK - Supported
802
803 * Deflate Compression:
804 OK - Compression disabled
805
806 * SSLV2 Cipher Suites:
807 Server rejected all cipher suites.
808
809 * TLSV1_3 Cipher Suites:
810 Server rejected all cipher suites.
811
812 * SSLV3 Cipher Suites:
813 Server rejected all cipher suites.
814
815
816 SCAN COMPLETED IN 140.81 S
817 --------------------------
#######################################################################################################################################
traceroute to www.paltahass.cl (107.180.28.114), 30 hops max, 60 byte packets
 1 _gateway (10.202.3.1) 223.938 ms 230.543 ms 230.555 ms
 2 unn-84-17-52-126.cdn77.com (84.17.52.126) 230.554 ms 230.553 ms 230.551 ms
 3 hu0-1-0-2.rcr51.b021037-0.zrh02.atlas.cogentco.com (149.11.89.129) 230.548 ms 230.545 ms 230.543 ms
 4 be3591.ccr51.zrh02.atlas.cogentco.com (130.117.50.182) 230.552 ms 230.549 ms 230.507 ms
 5 be3072.ccr21.muc03.atlas.cogentco.com (130.117.0.18) 335.323 ms 230.514 ms be3073.ccr22.muc03.atlas.cogentco.com (130.117.0.62) 335.316 ms
 6 be2960.ccr42.fra03.atlas.cogentco.com (154.54.36.253) 335.309 ms be2959.ccr41.fra03.atlas.cogentco.com (154.54.36.53) 336.940 ms 208.678 ms
 7 be3187.agr41.fra03.atlas.cogentco.com (130.117.1.117) 208.614 ms 208.614 ms be3186.agr41.fra03.atlas.cogentco.com (130.117.0.2) 208.577 ms
 8 telia.fra03.atlas.cogentco.com (130.117.14.198) 208.449 ms 208.444 ms 208.454 ms
 9 ffm-bb1-link.telia.net (62.115.114.88) 231.000 ms ffm-bb2-link.telia.net (62.115.114.90) 208.472 ms 230.884 ms
10 prs-bb3-link.telia.net (62.115.123.13) 230.899 ms prs-bb4-link.telia.net (62.115.114.98) 208.373 ms prs-bb4-link.telia.net (62.115.122.138) 345.173 ms
11 ash-bb2-link.telia.net (62.115.112.242) 230.838 ms ash-bb3-link.telia.net (62.115.122.159) 230.771 ms *
12 rest-b1-link.telia.net (62.115.121.216) 225.072 ms 224.994 ms 224.988 ms
13 ae5.ibrsb0105-01.iad1.bb.godaddy.com (62.115.162.111) 224.968 ms 224.827 ms 224.824 ms
14 ip-184-168-6-83.ip.secureserver.net (184.168.6.83) 224.880 ms 224.848 ms 224.829 ms
#######################################################################################################################################
Domains still to check: 1
 Checking if the hostname paltahass.cl. given is in fact a domain...

Analyzing domain: paltahass.cl.
839 Checking NameServers using system default resolver...
840 IP: 97.74.101.22 (United States)
841 HostName: ns43.domaincontrol.com Type: NS
842 HostName: ns43.domaincontrol.com Type: PTR
843 IP: 173.201.69.22 (United States)
844 HostName: ns44.domaincontrol.com Type: NS
845 HostName: ns44.domaincontrol.com Type: PTR
846
847 Checking MailServers using system default resolver...
848 IP: 209.85.233.27 (United States)
849 HostName: alt1.aspmx.l.google.com Type: MX
850 HostName: lr-in-f27.1e100.net Type: PTR
851 IP: 172.253.118.27 (United States)
852 HostName: alt2.aspmx.l.google.com Type: MX
853 IP: 74.125.133.27 (United States)
854 HostName: aspmx.l.google.com Type: MX
855 HostName: wo-in-f27.1e100.net Type: PTR
856 IP: 209.85.233.27 (United States)
857 HostName: alt1.aspmx.l.google.com Type: MX
858 HostName: lr-in-f27.1e100.net Type: PTR
859 HostName: aspmx2.googlemail.com Type: MX
860 IP: 172.253.118.27 (United States)
861 HostName: alt2.aspmx.l.google.com Type: MX
862 HostName: aspmx3.googlemail.com Type: MX
863
864 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
865 No zone transfer found on nameserver 97.74.101.22
866 No zone transfer found on nameserver 173.201.69.22
867
872 Checking SPF record...
873 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 35.190.247.0/24, but only the network IP
874 New IP found: 35.190.247.0
875 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 64.233.160.0/19, but only the network IP
876 New IP found: 64.233.160.0
877 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 66.102.0.0/20, but only the network IP
878 New IP found: 66.102.0.0
879 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 66.249.80.0/20, but only the network IP
880 New IP found: 66.249.80.0
881 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 72.14.192.0/18, but only the network IP
882 New IP found: 72.14.192.0
883 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 74.125.0.0/16, but only the network IP
884 New IP found: 74.125.0.0
885 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 108.177.8.0/21, but only the network IP
886 New IP found: 108.177.8.0
887 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 173.194.0.0/16, but only the network IP
888 New IP found: 173.194.0.0
889 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 209.85.128.0/17, but only the network IP
890 New IP found: 209.85.128.0
891 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 216.58.192.0/19, but only the network IP
892 New IP found: 216.58.192.0
893 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 216.239.32.0/19, but only the network IP
894 New IP found: 216.239.32.0
895
896 Checking SPF record...
897 There are no IPv4 addresses in the SPF. Maybe IPv6.
903
904 Checking SPF record...
905 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 172.217.0.0/19, but only the network IP
906 New IP found: 172.217.0.0
907 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 172.217.32.0/20, but only the network IP
908 New IP found: 172.217.32.0
909 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 172.217.128.0/19, but only the network IP
910 New IP found: 172.217.128.0
911 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 172.217.160.0/20, but only the network IP
912 New IP found: 172.217.160.0
913 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 172.217.192.0/19, but only the network IP
914 New IP found: 172.217.192.0
915 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 172.253.56.0/21, but only the network IP
916 New IP found: 172.253.56.0
917 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 172.253.112.0/20, but only the network IP
918 New IP found: 172.253.112.0
919 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 108.177.96.0/19, but only the network IP
920 New IP found: 108.177.96.0
921 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 35.191.0.0/16, but only the network IP
922 New IP found: 35.191.0.0
923 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 130.211.0.0/22, but only the network IP
924 New IP found: 130.211.0.0
925
926 Checking 192 most common hostnames using system default resolver...
927 IP: 107.180.28.114 (United States)
928 HostName: www.paltahass.cl. Type: A
929 IP: 107.180.28.114 (United States)
930 HostName: www.paltahass.cl. Type: A
931 HostName: mail.paltahass.cl. Type: A
932 HostName: ip-107-180-28-114.ip.secureserver.net Type: PTR
933
934 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
962
963 Searching for paltahass.cl. emails in Google
964 aochagavia@paltahass.cl
965 tedepaltas@paltahass.cl.
966 aochagavia@paltahass.cl.
967 rwaissbluth@paltahass.cl,
968 jlazo@paltahass.cl
969
970 Checking 27 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
971 Host 216.58.192.0 is up (echo-reply ttl 45)
972 Host 172.253.112.0 is down
973 Host 108.177.96.0 is down
974 Host 172.217.32.0 is down
975 Host 172.253.56.0 is down
976 Host 172.217.192.0 is down
977 Host 173.194.0.0 is down
978 Host 74.125.0.0 is down
979 Host 130.211.0.0 is down
980 Host 172.217.128.0 is up (reset ttl 243)
981 Host 97.74.101.22 is up (echo-reply ttl 53)
982 Host 173.201.69.22 is up (echo-reply ttl 57)
983 Host 216.239.32.0 is down
984 Host 172.253.118.27 is up (syn-ack ttl 101)
985 Host 172.217.160.0 is up (echo-reply ttl 46)
986 Host 66.102.0.0 is down
987 Host 108.177.8.0 is down
988 Host 107.180.28.114 is down
989 Host 209.85.128.0 is down
990 Host 172.217.0.0 is up (echo-reply ttl 53)
991 Host 35.190.247.0 is up (echo-reply ttl 56)
992 Host 72.14.192.0 is up (echo-reply ttl 56)
993 Host 66.249.80.0 is down
994 Host 209.85.233.27 is up (echo-reply ttl 45)
995 Host 35.191.0.0 is down
996 Host 74.125.133.27 is up (echo-reply ttl 45)
997 Host 64.233.160.0 is down
998
999 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
1000 Scanning ip 216.58.192.0 ():
1001 80/tcp open http syn-ack ttl 108 gws
1002 | fingerprint-strings:
1003 | GetRequest:
1004 | HTTP/1.0 200 OK
1005 | Date: Thu, 12 Mar 2020 13:32:30 GMT
1006 | Expires: -1
1007 | Cache-Control: private, max-age=0
1008 | Content-Type: text/html; charset=ISO-8859-1
1009 | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
1010 | Server: gws
1011 | X-XSS-Protection: 0
1012 | X-Frame-Options: SAMEORIGIN
1013 | Set-Cookie: 1P_JAR=2020-03-12-13; expires=Sat, 11-Apr-2020 13:32:30 GMT; path=/; domain=.google.com; Secure
1014 | Set-Cookie: NID=200=YtvDxAsZH5p191KMl64j2OcWR2EXa78i49yDlpBBpE0iNYcJKej6sRL6LRJadP9NVLOn98fiXAirZyJSWLHgGKN7GxpbeIDSZawlPiOyLgCHaL1hJH9L63sDeZa0ISxOKbqPNAEFrarz85jQSLpOTwUQO8K7hFFP-nEW-5hXaOc; expires=Fri, 11-Sep-2020 13:32:30 GMT; path=/; domain=.google.com; HttpOnly
1015 | Accept-Ranges: none
1016 | Vary: Accept-Encoding
1017 | <!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en-GB"><head><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg
1018 | HTTPOptions:
1019 | HTTP/1.0 405 Method Not Allowed
1020 | Allow: GET, HEAD
1021 | Date: Thu, 12 Mar 2020 13:32:31 GMT
1022 | Content-Type: text/html; charset=UTF-8
1023 | Server: gws
1024 | Content-Length: 1592
1025 | X-XSS-Protection: 0
1026 | X-Frame-Options: SAMEORIGIN
1027 | <!DOCTYPE html>
1028 | <html lang=en>
1029 | <meta charset=utf-8>
1030 | <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
1031 | <title>Error 405 (Method Not Allowed)!!1</title>
1032 | <style>
1033 |_ *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#l
1034 |_http-favicon: Google
1035 | http-methods:
1036 |_ Supported Methods: GET HEAD
1037 | http-robots.txt: 217 disallowed entries (15 shown)
1038 | /search /sdch /groups /index.html? /? /?hl=*&
1039 |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
1040 |_http-server-header: gws
1041 |_http-title: Did not follow redirect to http://www.google.com/
1042 443/tcp open ssl/https syn-ack ttl 108 gws
1043 | fingerprint-strings:
1044 | GetRequest:
1045 | HTTP/1.0 200 OK
1046 | Date: Thu, 12 Mar 2020 13:32:37 GMT
1047 | Expires: -1
1048 | Cache-Control: private, max-age=0
1049 | Content-Type: text/html; charset=ISO-8859-1
1050 | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
1051 | Server: gws
1052 | X-XSS-Protection: 0
1053 | X-Frame-Options: SAMEORIGIN
1054 | Set-Cookie: 1P_JAR=2020-03-12-13; expires=Sat, 11-Apr-2020 13:32:37 GMT; path=/; domain=.google.com; Secure
1055 | Set-Cookie: NID=200=nM-OVmbzxUJaIgOIcWz9KlurdYfj_eoZLYyB-DBixzczdYk1TIj86zpfXn7333MdJ1OHlYwWR1Rzfg7N26tL9b7jCGOgBr8ywVtMjEaF1sdURy6SC8nntQfPlKbLxZg39Yat5xAQTYnxeK1wujyIHRhR8TgcNwWIN_LRb_lFPTI; expires=Fri, 11-Sep-2020 13:32:37 GMT; path=/; domain=.google.com; HttpOnly
1056 | Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
1057 | Accept-Ranges: none
1058 | Vary: Accept-Encoding
1059 | <!doctype html><
1060 | HTTPOptions:
1061 | HTTP/1.0 405 Method Not Allowed
1062 | Allow: GET, HEAD
1063 | Date: Thu, 12 Mar 2020 13:32:39 GMT
1064 | Content-Type: text/html; charset=UTF-8
1065 | Server: gws
1066 | Content-Length: 1592
1067 | X-XSS-Protection: 0
1068 | X-Frame-Options: SAMEORIGIN
1069 | Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
1070 | <!DOCTYPE html>
1071 | <html lang=en>
1072 | <meta charset=utf-8>
1073 | <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
1074 | <title>Error 405 (Method Not Allowed)!!1</title>
1075 | <style>
1076 |_ *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11p
1077 |_http-favicon: Google
1078 | http-methods:
1079 |_ Supported Methods: GET HEAD
1080 | http-robots.txt: 217 disallowed entries (15 shown)
1081 | /search /sdch /groups /index.html? /? /?hl=*&
1082 |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
1083 |_http-server-header: gws
1084 |_http-title: Did not follow redirect to http://www.google.com/
1085 | ssl-cert: Subject: commonName=invalid2.invalid
1086 | Issuer: commonName=invalid2.invalid
1087 | Public Key type: rsa
1088 | Public Key bits: 2048
1089 | Signature Algorithm: sha256WithRSAEncryption
1090 | Not valid before: 2015-01-01T00:00:00
1091 | Not valid after: 2030-01-01T00:00:00
1092 | MD5: 904a c8d5 445a d06a 8a10 ffcd 8b11 be16
1093 |_SHA-1: 4259 517c d4e4 8a28 9d33 2ab3 f0ab 52a3 6632 2824
1094 |_ssl-date: 2020-03-12T13:34:34+00:00; -4s from scanner time.
1095 | tls-alpn:
1096 | grpc-exp
1097 | h2
1098 |_ http/1.1
1099 | tls-nextprotoneg:
1100 | grpc-exp
1101 | h2
1102 |_ http/1.1
1103 Scanning ip 172.217.128.0 ():
1104 Device type: firewall|general purpose|printer
1105 Scanning ip 97.74.101.22 (ns43.domaincontrol.com (PTR)):
1106 53/tcp open tcpwrapped syn-ack ttl 57
1107 Scanning ip 173.201.69.22 (ns44.domaincontrol.com (PTR)):
1108 53/tcp open tcpwrapped syn-ack ttl 53
1109 Scanning ip 172.253.118.27 (aspmx3.googlemail.com):
1110 25/tcp open smtp syn-ack ttl 104 Google gsmtp
1111 | smtp-commands: mx.google.com at your service, [84.17.52.5], SIZE 157286400, 8BITMIME, STARTTLS, ENHANCEDSTATUSCODES, PIPELINING, CHUNKING, SMTPUTF8,
1112 |_ 2.0.0 https://www.google.com/search?btnI&q=RFC+5321 y63si3757681pfy.122 - gsmtp
1113 | ssl-cert: Subject: commonName=mx.google.com/organizationName=Google LLC/stateOrProvinceName=California/countryName=US
1114 | Subject Alternative Name: DNS:mx.google.com, DNS:alt1.aspmx.l.google.com, DNS:alt1.gmail-smtp-in.l.google.com, DNS:alt1.gmr-smtp-in.l.google.com, DNS:alt2.aspmx.l.google.com, DNS:alt2.gmail-smtp-in.l.google.com, DNS:alt2.gmr-smtp-in.l.google.com, DNS:alt3.aspmx.l.google.com, DNS:alt3.gmail-smtp-in.l.google.com, DNS:alt3.gmr-smtp-in.l.google.com, DNS:alt4.aspmx.l.google.com, DNS:alt4.gmail-smtp-in.l.google.com, DNS:alt4.gmr-smtp-in.l.google.com, DNS:aspmx.l.google.com, DNS:aspmx2.googlemail.com, DNS:aspmx3.googlemail.com, DNS:aspmx4.googlemail.com, DNS:aspmx5.googlemail.com, DNS:gmail-smtp-in.l.google.com, DNS:gmr-mx.google.com, DNS:gmr-smtp-in.l.google.com, DNS:mx1.smtp.goog, DNS:mx2.smtp.goog, DNS:mx3.smtp.goog, DNS:mx4.smtp.goog
1115 | Issuer: commonName=GTS CA 1O1/organizationName=Google Trust Services/countryName=US
1116 | Public Key type: rsa
1117 | Public Key bits: 2048
1118 | Signature Algorithm: sha256WithRSAEncryption
1119 | Not valid before: 2020-02-25T20:43:24
1120 | Not valid after: 2020-05-19T20:43:24
1121 | MD5: 2738 1c01 ccd8 4e62 f9b3 08d1 1fea ba05
1122 |_SHA-1: 320e ca4f 2b8b 89e9 4ed0 1f65 f18d d1c6 8b14 d0b3
1123 |_ssl-date: 2020-03-12T13:36:19+00:00; -4s from scanner time.
1124 Device type: specialized|PBX|printer
1125 OS Info: Service Info: Host: mx.google.com
1126 |_clock-skew: -4s
1127 Scanning ip 172.217.160.0 ():
1128 80/tcp open http syn-ack ttl 122 gws
1129 | fingerprint-strings:
1130 | GetRequest:
1131 | HTTP/1.0 200 OK
1132 | Date: Thu, 12 Mar 2020 13:36:35 GMT
1133 | Expires: -1
1134 | Cache-Control: private, max-age=0
1135 | Content-Type: text/html; charset=ISO-8859-1
1136 | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
1137 | Server: gws
1138 | X-XSS-Protection: 0
1139 | X-Frame-Options: SAMEORIGIN
1140 | Set-Cookie: 1P_JAR=2020-03-12-13; expires=Sat, 11-Apr-2020 13:36:35 GMT; path=/; domain=.google.com; Secure
1141 | Set-Cookie: NID=200=sC9IDTHJPsrV2j_cc0vlkGpDTIIo-uupsN183hdZnR-evwp3blaXugNTlUebCXwkz0idwEdNc9b4zavJMPK8_AizfQqY4ALZhbaK6YX9Pvim9VxmdCeBDpfQQjK6t_ZLqkfw3DKJBagjVuBpsv4ilhiZz1weTmaksUpEJj7SDxI; expires=Fri, 11-Sep-2020 13:36:35 GMT; path=/; domain=.google.com; HttpOnly
1142 | Accept-Ranges: none
1143 | Vary: Accept-Encoding
1144 | <!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en-GB"><head><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg
1145 | HTTPOptions:
1146 | HTTP/1.0 405 Method Not Allowed
1147 | Allow: GET, HEAD
1148 | Date: Thu, 12 Mar 2020 13:36:36 GMT
1149 | Content-Type: text/html; charset=UTF-8
1150 | Server: gws
1151 | Content-Length: 1592
1152 | X-XSS-Protection: 0
1153 | X-Frame-Options: SAMEORIGIN
1154 | <!DOCTYPE html>
1155 | <html lang=en>
1156 | <meta charset=utf-8>
1157 | <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
1158 | <title>Error 405 (Method Not Allowed)!!1</title>
1159 | <style>
1160 |_ *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#l
1161 |_http-favicon: Google
1162 | http-methods:
1163 |_ Supported Methods: GET HEAD
1164 | http-robots.txt: 217 disallowed entries (15 shown)
1165 | /search /sdch /groups /index.html? /? /?hl=*&
1166 |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
1167 |_http-server-header: gws
1168 |_http-title: Did not follow redirect to http://www.google.com/
1169 443/tcp open ssl/https syn-ack ttl 122 gws
1170 | fingerprint-strings:
1171 | GetRequest:
1172 | HTTP/1.0 200 OK
1173 | Date: Thu, 12 Mar 2020 13:36:43 GMT
1174 | Expires: -1
1175 | Cache-Control: private, max-age=0
1176 | Content-Type: text/html; charset=ISO-8859-1
1177 | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
1178 | Server: gws
1179 | X-XSS-Protection: 0
1180 | X-Frame-Options: SAMEORIGIN
1181 | Set-Cookie: 1P_JAR=2020-03-12-13; expires=Sat, 11-Apr-2020 13:36:43 GMT; path=/; domain=.google.com; Secure
1182 | Set-Cookie: NID=200=pB3i70Pj7BS1DGhBiUENo-nExAAGi-TQw5OB7oNGEfs2WXQ8PyJL8mtTAFzAR9NWvGvyB6_2SkrKRqdZ_3AXbsuUat3mt5aw06NMQSoOXZpWAXNsLYF74E5H4hTNRSjiy04-1JeV0vWeYv9Yc9-9rgJ5vgn6Wwi6KIWg5QDHs7M; expires=Fri, 11-Sep-2020 13:36:43 GMT; path=/; domain=.google.com; HttpOnly
1183 | Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
1184 | Accept-Ranges: none
1185 | Vary: Accept-Encoding
1186 | <!doctype html><
1187 | HTTPOptions:
1188 | HTTP/1.0 405 Method Not Allowed
1189 | Allow: GET, HEAD
1190 | Date: Thu, 12 Mar 2020 13:36:46 GMT
1191 | Content-Type: text/html; charset=UTF-8
1192 | Server: gws
1193 | Content-Length: 1592
1194 | X-XSS-Protection: 0
1195 | X-Frame-Options: SAMEORIGIN
1196 | Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
1197 | <!DOCTYPE html>
1198 | <html lang=en>
1199 | <meta charset=utf-8>
1200 | <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
1201 | <title>Error 405 (Method Not Allowed)!!1</title>
1202 | <style>
1203 |_ *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11p
1204 |_http-favicon: Google
1205 | http-methods:
1206 |_ Supported Methods: GET HEAD
1207 | http-robots.txt: 217 disallowed entries (15 shown)
1208 | /search /sdch /groups /index.html? /? /?hl=*&
1209 |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
1210 |_http-server-header: gws
1211 |_http-title: Did not follow redirect to http://www.google.com/
1212 | ssl-cert: Subject: commonName=invalid2.invalid
1213 | Issuer: commonName=invalid2.invalid
1214 | Public Key type: rsa
1215 | Public Key bits: 2048
1216 | Signature Algorithm: sha256WithRSAEncryption
1217 | Not valid before: 2015-01-01T00:00:00
1218 | Not valid after: 2030-01-01T00:00:00
1219 | MD5: 904a c8d5 445a d06a 8a10 ffcd 8b11 be16
1220 |_SHA-1: 4259 517c d4e4 8a28 9d33 2ab3 f0ab 52a3 6632 2824
1221 |_ssl-date: 2020-03-12T13:39:02+00:00; -4s from scanner time.
1222 | tls-alpn:
1223 | grpc-exp
1224 | h2
1225 |_ http/1.1
1226 | tls-nextprotoneg:
1227 | grpc-exp
1228 | h2
1229 |_ http/1.1
1230 Scanning ip 172.217.0.0 ():
1231 80/tcp open http syn-ack ttl 122 gws
1232 | fingerprint-strings:
1233 | GetRequest:
1234 | HTTP/1.0 200 OK
1235 | Date: Thu, 12 Mar 2020 13:39:23 GMT
1236 | Expires: -1
1237 | Cache-Control: private, max-age=0
1238 | Content-Type: text/html; charset=ISO-8859-1
1239 | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
1240 | Server: gws
1241 | X-XSS-Protection: 0
1242 | X-Frame-Options: SAMEORIGIN
1243 | Set-Cookie: 1P_JAR=2020-03-12-13; expires=Sat, 11-Apr-2020 13:39:23 GMT; path=/; domain=.google.com; Secure
1244 | Set-Cookie: NID=200=BZjxO6S3TIYoUERcLzyXuSHzR3LaPIia1vQS7BlBhvx03c_Zu5yBtt13pKCqwdxV1ixXMGDHgMq9N8OpTXC77me-2dtpbNDiR7ImyxGo8Wk4oplQ0boehpd8aHrabC4VSGGhdHGcmhHt1kes7mDNUmf4KDmr0P79UJzQVS6u5_U; expires=Fri, 11-Sep-2020 13:39:23 GMT; path=/; domain=.google.com; HttpOnly
1245 | Accept-Ranges: none
1246 | Vary: Accept-Encoding
1247 | <!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en-GB"><head><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg
1248 | HTTPOptions:
1249 | HTTP/1.0 405 Method Not Allowed
1250 | Allow: GET, HEAD
1251 | Date: Thu, 12 Mar 2020 13:39:23 GMT
1252 | Content-Type: text/html; charset=UTF-8
1253 | Server: gws
1254 | Content-Length: 1592
1255 | X-XSS-Protection: 0
1256 | X-Frame-Options: SAMEORIGIN
1257 | <!DOCTYPE html>
1258 | <html lang=en>
1259 | <meta charset=utf-8>
1260 | <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
1261 | <title>Error 405 (Method Not Allowed)!!1</title>
1262 | <style>
1263 |_ *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#l
1264 |_http-favicon: Google
1265 | http-methods:
1266 |_ Supported Methods: GET HEAD
1267 | http-robots.txt: 217 disallowed entries (15 shown)
1268 | /search /sdch /groups /index.html? /? /?hl=*&
1269 |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
1270 |_http-server-header: gws
1271 |_http-title: Did not follow redirect to http://www.google.com/
1272 443/tcp open ssl/https syn-ack ttl 122 gws
1273 | fingerprint-strings:
1274 | GetRequest:
1275 | HTTP/1.0 200 OK
1276 | Date: Thu, 12 Mar 2020 13:39:30 GMT
1277 | Expires: -1
1278 | Cache-Control: private, max-age=0
1279 | Content-Type: text/html; charset=ISO-8859-1
1280 | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
1281 | Server: gws
1282 | X-XSS-Protection: 0
1283 | X-Frame-Options: SAMEORIGIN
1284 | Set-Cookie: 1P_JAR=2020-03-12-13; expires=Sat, 11-Apr-2020 13:39:30 GMT; path=/; domain=.google.com; Secure
1285 | Set-Cookie: NID=200=Hpc4ABLKfBkd-Dut_rP3Fe47wqX9_6RWtf_ZcjFFHyeQYG9j7wDiSsjYn0EW1nq_84kpQmLrCMwjbmYjX93ltFY3sVoWZ_c5wP95z5ADFYvdQKw3BlE4qfB-lK0kCv7580a2K0coWNDAHBgTMiwuqmr4MUz4vr0ZWEFHy1I_C2I; expires=Fri, 11-Sep-2020 13:39:30 GMT; path=/; domain=.google.com; HttpOnly
1286 | Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
1287 | Accept-Ranges: none
1288 | Vary: Accept-Encoding
1289 | <!doctype html><
1290 | HTTPOptions:
1291 | HTTP/1.0 405 Method Not Allowed
1292 | Allow: GET, HEAD
1293 | Date: Thu, 12 Mar 2020 13:39:31 GMT
1294 | Content-Type: text/html; charset=UTF-8
1295 | Server: gws
1296 | Content-Length: 1592
1297 | X-XSS-Protection: 0
1298 | X-Frame-Options: SAMEORIGIN
1299 | Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
1307 |_http-favicon: Google
1308 | http-methods:
1309 |_ Supported Methods: GET HEAD
1310 | http-robots.txt: 217 disallowed entries (15 shown)
1311 | /search /sdch /groups /index.html? /? /?hl=*&
1312 |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
1313 |_http-server-header: gws
1314 |_http-title: Did not follow redirect to http://www.google.com/
1315 | ssl-cert: Subject: commonName=invalid2.invalid
1316 | Issuer: commonName=invalid2.invalid
1317 | Public Key type: rsa
1318 | Public Key bits: 2048
1319 | Signature Algorithm: sha256WithRSAEncryption
1320 | Not valid before: 2015-01-01T00:00:00
1321 | Not valid after: 2030-01-01T00:00:00
1322 | MD5: 904a c8d5 445a d06a 8a10 ffcd 8b11 be16
1323 |_SHA-1: 4259 517c d4e4 8a28 9d33 2ab3 f0ab 52a3 6632 2824
1324 |_ssl-date: 2020-03-12T13:41:16+00:00; -4s from scanner time.
1325 | tls-alpn:
1326 | grpc-exp
1327 | h2
1328 |_ http/1.1
1329 | tls-nextprotoneg:
1330 | grpc-exp
1331 | h2
1332 |_ http/1.1
1333 Scanning ip 35.190.247.0 ():
1334 25/tcp open tcpwrapped syn-ack ttl 122
1335 |_smtp-commands: Couldn't establish connection on port 25
1336 80/tcp open http syn-ack ttl 122
1337 | fingerprint-strings:
1338 | GetRequest, HTTPOptions:
1339 | HTTP/1.0 404 Not Found
1340 | Content-Type: text/html; charset=UTF-8
1341 | Referrer-Policy: no-referrer
1342 | Content-Length: 1561
1343 | Date: Thu, 12 Mar 2020 13:41:30 GMT
1351 |_http-title: Error 404 (Not Found)!!1
1352 110/tcp open tcpwrapped syn-ack ttl 122
1353 143/tcp open tcpwrapped syn-ack ttl 122
1354 443/tcp open tcpwrapped syn-ack ttl 122
1355 465/tcp open tcpwrapped syn-ack ttl 122
1356 |_smtp-commands: Couldn't establish connection on port 465
1357 587/tcp open tcpwrapped syn-ack ttl 122
1358 |_smtp-commands: Couldn't establish connection on port 587
1359 993/tcp open tcpwrapped syn-ack ttl 122
1360 995/tcp open tcpwrapped syn-ack ttl 122
1361 3389/tcp open tcpwrapped syn-ack ttl 122
1362 5432/tcp open tcpwrapped syn-ack ttl 122
1363 5900/tcp open tcpwrapped syn-ack ttl 122
1364 8080/tcp open http-proxy syn-ack ttl 122
1365 | fingerprint-strings:
1366 | GetRequest, HTTPOptions:
1367 | HTTP/1.0 404 Not Found
1368 | Content-Type: text/html; charset=UTF-8
1369 | Referrer-Policy: no-referrer
1370 | Content-Length: 1561
1371 | Date: Thu, 12 Mar 2020 13:41:30 GMT
1379 |_http-title: Error 404 (Not Found)!!1
1380 Scanning ip 72.14.192.0 ():
1381 25/tcp open smtp syn-ack ttl 108 Google gsmtp
1382 | smtp-commands: mx.google.com at your service, [84.17.52.5], SIZE 35882577, 8BITMIME, STARTTLS, ENHANCEDSTATUSCODES, PIPELINING, CHUNKING, SMTPUTF8,
1383 |_ 2.0.0 https://www.google.com/search?btnI&q=RFC+5321 k12sm15588957wrv.88 - gsmtp
1384 | ssl-cert: Subject: commonName=smtp.gmail.com/organizationName=Google LLC/stateOrProvinceName=California/countryName=US
1385 | Subject Alternative Name: DNS:smtp.gmail.com
1386 | Issuer: commonName=GTS CA 1O1/organizationName=Google Trust Services/countryName=US
1387 | Public Key type: rsa
1388 | Public Key bits: 2048
1389 | Signature Algorithm: sha256WithRSAEncryption
1390 | Not valid before: 2020-01-14T15:22:17
1391 | Not valid after: 2021-01-08T15:22:17
1392 | MD5: c226 06b4 a44b 79fa 923b 3885 dfd5 94b1
1393 |_SHA-1: 9188 cfd3 e52f c704 5bf4 705c 3851 2c5c e235 064a
1394 |_ssl-date: 2020-03-12T13:49:16+00:00; -4s from scanner time.
1395 80/tcp open http syn-ack ttl 108 Google httpd
1396 | http-methods:
1397 |_ Supported Methods: GET HEAD POST OPTIONS
1398 |_http-server-header: ghs
1399 |_http-title: Error 404 (Not Found)!!1
1400 443/tcp open ssl/https? syn-ack ttl 108
1401 465/tcp open ssl/smtp syn-ack ttl 108 Google gsmtp
1402 |_smtp-commands: SMTP EHLO nmap.scanme.org: failed to receive data: failed to receive data
1403 | ssl-cert: Subject: commonName=smtp.gmail.com/organizationName=Google LLC/stateOrProvinceName=California/countryName=US
1404 | Subject Alternative Name: DNS:smtp.gmail.com
1405 | Issuer: commonName=GTS CA 1O1/organizationName=Google Trust Services/countryName=US
1406 | Public Key type: rsa
1407 | Public Key bits: 2048
1408 | Signature Algorithm: sha256WithRSAEncryption
1409 | Not valid before: 2020-01-14T15:22:17
1410 | Not valid after: 2021-01-08T15:22:17
1411 | MD5: c226 06b4 a44b 79fa 923b 3885 dfd5 94b1
1412 |_SHA-1: 9188 cfd3 e52f c704 5bf4 705c 3851 2c5c e235 064a
1413 |_ssl-date: 2020-03-12T13:49:15+00:00; -4s from scanner time.
1414 587/tcp open smtp syn-ack ttl 108 Google gsmtp
1415 | smtp-commands: mx.google.com at your service, [84.17.52.5], SIZE 35882577, 8BITMIME, STARTTLS, ENHANCEDSTATUSCODES, PIPELINING, CHUNKING, SMTPUTF8,
1416 |_ 2.0.0 https://www.google.com/search?btnI&q=RFC+5321 e22sm12349674wme.45 - gsmtp
1417 | ssl-cert: Subject: commonName=smtp.gmail.com/organizationName=Google LLC/stateOrProvinceName=California/countryName=US
1418 | Subject Alternative Name: DNS:smtp.gmail.com
1419 | Issuer: commonName=GTS CA 1O1/organizationName=Google Trust Services/countryName=US
1420 | Public Key type: rsa
1421 | Public Key bits: 2048
1422 | Signature Algorithm: sha256WithRSAEncryption
1423 | Not valid before: 2020-01-14T15:22:17
1424 | Not valid after: 2021-01-08T15:22:17
1425 | MD5: c226 06b4 a44b 79fa 923b 3885 dfd5 94b1
1426 |_SHA-1: 9188 cfd3 e52f c704 5bf4 705c 3851 2c5c e235 064a
1427 |_ssl-date: 2020-03-12T13:49:16+00:00; -4s from scanner time.
1428 993/tcp open ssl/imap syn-ack ttl 108 Google Gmail imapd (5mb67115728wmy)
1429 |_imap-capabilities: CAPABILITY
1430 | ssl-cert: Subject: commonName=ghs-ssl.googlehosted.com/organizationName=Google Inc/stateOrProvinceName=California/countryName=US
1431 | Subject Alternative Name: DNS:ghs-ssl.googlehosted.com
1432 | Issuer: commonName=Google Internet Authority G2/organizationName=Google Inc/countryName=US
1433 | Public Key type: rsa
1434 | Public Key bits: 2048
1435 | Signature Algorithm: sha256WithRSAEncryption
1436 | Not valid before: 2015-11-27T08:49:40
1437 | Not valid after: 2016-11-26T00:00:00
1438 | MD5: fe82 6dc4 7414 1ec6 186e 2a96 928b e8f9
1439 |_SHA-1: 12ca fdcc 0f42 c1cf e45f 4d5e bd10 503a c109 650e
1440 |_ssl-date: 2020-03-12T13:49:15+00:00; -4s from scanner time.
1441 995/tcp open ssl/pop3 syn-ack ttl 108 Google Gmail pop3d (p16mb1470564wrm)
1442 | ssl-cert: Subject: commonName=ghs-ssl.googlehosted.com/organizationName=Google Inc/stateOrProvinceName=California/countryName=US
1443 | Subject Alternative Name: DNS:ghs-ssl.googlehosted.com
1444 | Issuer: commonName=Google Internet Authority G2/organizationName=Google Inc/countryName=US
1445 | Public Key type: rsa
1446 | Public Key bits: 2048
1447 | Signature Algorithm: sha256WithRSAEncryption
1448 | Not valid before: 2015-11-27T08:49:40
1449 | Not valid after: 2016-11-26T00:00:00
1450 | MD5: fe82 6dc4 7414 1ec6 186e 2a96 928b e8f9
1451 |_SHA-1: 12ca fdcc 0f42 c1cf e45f 4d5e bd10 503a c109 650e
1452 |_ssl-date: 2020-03-12T13:49:15+00:00; -4s from scanner time.
1453 OS Info: Service Info: Host: mx.google.com
1454 |_clock-skew: mean: -4s, deviation: 0s, median: -4s
1455 Scanning ip 209.85.233.27 (aspmx2.googlemail.com):
1456 25/tcp open smtp syn-ack ttl 108 Google gsmtp
1457 | smtp-commands: mx.google.com at your service, [84.17.52.5], SIZE 157286400, 8BITMIME, STARTTLS, ENHANCEDSTATUSCODES, PIPELINING, CHUNKING, SMTPUTF8,
1458 |_ 2.0.0 https://www.google.com/search?btnI&q=RFC+5321 l10si4729794lfg.183 - gsmtp
1459 | ssl-cert: Subject: commonName=mx.google.com/organizationName=Google LLC/stateOrProvinceName=California/countryName=US
1460 | Subject Alternative Name: DNS:mx.google.com, DNS:alt1.aspmx.l.google.com, DNS:alt1.gmail-smtp-in.l.google.com, DNS:alt1.gmr-smtp-in.l.google.com, DNS:alt2.aspmx.l.google.com, DNS:alt2.gmail-smtp-in.l.google.com, DNS:alt2.gmr-smtp-in.l.google.com, DNS:alt3.aspmx.l.google.com, DNS:alt3.gmail-smtp-in.l.google.com, DNS:alt3.gmr-smtp-in.l.google.com, DNS:alt4.aspmx.l.google.com, DNS:alt4.gmail-smtp-in.l.google.com, DNS:alt4.gmr-smtp-in.l.google.com, DNS:aspmx.l.google.com, DNS:aspmx2.googlemail.com, DNS:aspmx3.googlemail.com, DNS:aspmx4.googlemail.com, DNS:aspmx5.googlemail.com, DNS:gmail-smtp-in.l.google.com, DNS:gmr-mx.google.com, DNS:gmr-smtp-in.l.google.com, DNS:mx1.smtp.goog, DNS:mx2.smtp.goog, DNS:mx3.smtp.goog, DNS:mx4.smtp.goog
1461 | Issuer: commonName=GTS CA 1O1/organizationName=Google Trust Services/countryName=US
1462 | Public Key type: rsa
1463 | Public Key bits: 2048
1464 | Signature Algorithm: sha256WithRSAEncryption
1465 | Not valid before: 2020-02-25T20:43:24
1466 | Not valid after: 2020-05-19T20:43:24
1467 | MD5: 2738 1c01 ccd8 4e62 f9b3 08d1 1fea ba05
1468 |_SHA-1: 320e ca4f 2b8b 89e9 4ed0 1f65 f18d d1c6 8b14 d0b3
1469 |_ssl-date: 2020-03-12T13:50:44+00:00; -4s from scanner time.
1470 OS Info: Service Info: Host: mx.google.com
1471 |_clock-skew: -4s
1472 Scanning ip 74.125.133.27 (wo-in-f27.1e100.net (PTR)):
1473 25/tcp open smtp syn-ack ttl 108 Google gsmtp
1474 | smtp-commands: mx.google.com at your service, [84.17.52.5], SIZE 157286400, 8BITMIME, STARTTLS, ENHANCEDSTATUSCODES, PIPELINING, CHUNKING, SMTPUTF8,
1475 |_ 2.0.0 https://www.google.com/search?btnI&q=RFC+5321 a26si4422535wmm.33 - gsmtp
1476 | ssl-cert: Subject: commonName=mx.google.com/organizationName=Google LLC/stateOrProvinceName=California/countryName=US
1477 | Subject Alternative Name: DNS:mx.google.com, DNS:alt1.aspmx.l.google.com, DNS:alt1.gmail-smtp-in.l.google.com, DNS:alt1.gmr-smtp-in.l.google.com, DNS:alt2.aspmx.l.google.com, DNS:alt2.gmail-smtp-in.l.google.com, DNS:alt2.gmr-smtp-in.l.google.com, DNS:alt3.aspmx.l.google.com, DNS:alt3.gmail-smtp-in.l.google.com, DNS:alt3.gmr-smtp-in.l.google.com, DNS:alt4.aspmx.l.google.com, DNS:alt4.gmail-smtp-in.l.google.com, DNS:alt4.gmr-smtp-in.l.google.com, DNS:aspmx.l.google.com, DNS:aspmx2.googlemail.com, DNS:aspmx3.googlemail.com, DNS:aspmx4.googlemail.com, DNS:aspmx5.googlemail.com, DNS:gmail-smtp-in.l.google.com, DNS:gmr-mx.google.com, DNS:gmr-smtp-in.l.google.com, DNS:mx1.smtp.goog, DNS:mx2.smtp.goog, DNS:mx3.smtp.goog, DNS:mx4.smtp.goog
1478 | Issuer: commonName=GTS CA 1O1/organizationName=Google Trust Services/countryName=US
1479 | Public Key type: rsa
1480 | Public Key bits: 2048
1481 | Signature Algorithm: sha256WithRSAEncryption
1482 | Not valid before: 2020-02-25T20:43:24
1483 | Not valid after: 2020-05-19T20:43:24
1484 | MD5: 2738 1c01 ccd8 4e62 f9b3 08d1 1fea ba05
1485 |_SHA-1: 320e ca4f 2b8b 89e9 4ed0 1f65 f18d d1c6 8b14 d0b3
1486 |_ssl-date: 2020-03-12T13:51:08+00:00; -4s from scanner time.
1487 OS Info: Service Info: Host: mx.google.com
1488 |_clock-skew: -4s
1489 WebCrawling domain's web servers... up to 50 max links.
1490--Finished--
1491Summary information for domain paltahass.cl.
1492-----------------------------------------
1493 Domain Specific Information:
1494 Email: aochagavia@paltahass.cl
1495 Email: tedepaltas@paltahass.cl.
1496 Email: aochagavia@paltahass.cl.
1497 Email: rwaissbluth@paltahass.cl,
1498 Email: jlazo@paltahass.cl
1499
1500 Domain Ips Information:
1501 IP: 216.58.192.0
1502 Type: SPF
1503 Is Active: True (echo-reply ttl 45)
1504 Port: 80/tcp open http syn-ack ttl 108 gws
1505 Script Info: | fingerprint-strings:
1506 Script Info: | GetRequest:
1507 Script Info: | HTTP/1.0 200 OK
1508 Script Info: | Date: Thu, 12 Mar 2020 13:32:30 GMT
1509 Script Info: | Expires: -1
1510 Script Info: | Cache-Control: private, max-age=0
1511 Script Info: | Content-Type: text/html; charset=ISO-8859-1
1512 Script Info: | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
1513 Script Info: | Server: gws
1514 Script Info: | X-XSS-Protection: 0
1515 Script Info: | X-Frame-Options: SAMEORIGIN
1516 Script Info: | Set-Cookie: 1P_JAR=2020-03-12-13; expires=Sat, 11-Apr-2020 13:32:30 GMT; path=/; domain=.google.com; Secure
1517 Script Info: | Set-Cookie: NID=200=YtvDxAsZH5p191KMl64j2OcWR2EXa78i49yDlpBBpE0iNYcJKej6sRL6LRJadP9NVLOn98fiXAirZyJSWLHgGKN7GxpbeIDSZawlPiOyLgCHaL1hJH9L63sDeZa0ISxOKbqPNAEFrarz85jQSLpOTwUQO8K7hFFP-nEW-5hXaOc; expires=Fri, 11-Sep-2020 13:32:30 GMT; path=/; domain=.google.com; HttpOnly
1518 Script Info: | Accept-Ranges: none
1519 Script Info: | Vary: Accept-Encoding
1520 Script Info: | <!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en-GB"><head><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg
1521 Script Info: | HTTPOptions:
1522 Script Info: | HTTP/1.0 405 Method Not Allowed
1523 Script Info: | Allow: GET, HEAD
1524 Script Info: | Date: Thu, 12 Mar 2020 13:32:31 GMT
1525 Script Info: | Content-Type: text/html; charset=UTF-8
1526 Script Info: | Server: gws
1527 Script Info: | Content-Length: 1592
1528 Script Info: | X-XSS-Protection: 0
1529 Script Info: | X-Frame-Options: SAMEORIGIN
1537 Script Info: |_http-favicon: Google
1538 Script Info: | http-methods:
1539 Script Info: |_ Supported Methods: GET HEAD
1540 Script Info: | http-robots.txt: 217 disallowed entries (15 shown)
1541 Script Info: | /search /sdch /groups /index.html? /? /?hl=*&
1542 Script Info: |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
1543 Script Info: |_http-server-header: gws
1544 Script Info: |_http-title: Did not follow redirect to http://www.google.com/
1545 Port: 443/tcp open ssl/https syn-ack ttl 108 gws
1546 Script Info: | fingerprint-strings:
1547 Script Info: | GetRequest:
1548 Script Info: | HTTP/1.0 200 OK
1549 Script Info: | Date: Thu, 12 Mar 2020 13:32:37 GMT
1550 Script Info: | Expires: -1
1551 Script Info: | Cache-Control: private, max-age=0
1552 Script Info: | Content-Type: text/html; charset=ISO-8859-1
1553 Script Info: | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
1554 Script Info: | Server: gws
1555 Script Info: | X-XSS-Protection: 0
1556 Script Info: | X-Frame-Options: SAMEORIGIN
1557 Script Info: | Set-Cookie: 1P_JAR=2020-03-12-13; expires=Sat, 11-Apr-2020 13:32:37 GMT; path=/; domain=.google.com; Secure
1558 Script Info: | Set-Cookie: NID=200=nM-OVmbzxUJaIgOIcWz9KlurdYfj_eoZLYyB-DBixzczdYk1TIj86zpfXn7333MdJ1OHlYwWR1Rzfg7N26tL9b7jCGOgBr8ywVtMjEaF1sdURy6SC8nntQfPlKbLxZg39Yat5xAQTYnxeK1wujyIHRhR8TgcNwWIN_LRb_lFPTI; expires=Fri, 11-Sep-2020 13:32:37 GMT; path=/; domain=.google.com; HttpOnly
1559 Script Info: | Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
1560 Script Info: | Accept-Ranges: none
1561 Script Info: | Vary: Accept-Encoding
1562 Script Info: | <!doctype html><
1563 Script Info: | HTTPOptions:
1564 Script Info: | HTTP/1.0 405 Method Not Allowed
1565 Script Info: | Allow: GET, HEAD
1566 Script Info: | Date: Thu, 12 Mar 2020 13:32:39 GMT
1567 Script Info: | Content-Type: text/html; charset=UTF-8
1568 Script Info: | Server: gws
1569 Script Info: | Content-Length: 1592
1570 Script Info: | X-XSS-Protection: 0
1571 Script Info: | X-Frame-Options: SAMEORIGIN
1572 Script Info: | Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
1580 Script Info: |_http-favicon: Google
1581 Script Info: | http-methods:
1582 Script Info: |_ Supported Methods: GET HEAD
1583 Script Info: | http-robots.txt: 217 disallowed entries (15 shown)
1584 Script Info: | /search /sdch /groups /index.html? /? /?hl=*&
1585 Script Info: |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
1586 Script Info: |_http-server-header: gws
1587 Script Info: |_http-title: Did not follow redirect to http://www.google.com/
1588 Script Info: | ssl-cert: Subject: commonName=invalid2.invalid
1589 Script Info: | Issuer: commonName=invalid2.invalid
1590 Script Info: | Public Key type: rsa
1591 Script Info: | Public Key bits: 2048
1592 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1593 Script Info: | Not valid before: 2015-01-01T00:00:00
1594 Script Info: | Not valid after: 2030-01-01T00:00:00
1595 Script Info: | MD5: 904a c8d5 445a d06a 8a10 ffcd 8b11 be16
1596 Script Info: |_SHA-1: 4259 517c d4e4 8a28 9d33 2ab3 f0ab 52a3 6632 2824
1597 Script Info: |_ssl-date: 2020-03-12T13:34:34+00:00; -4s from scanner time.
1598 Script Info: | tls-alpn:
1599 Script Info: | grpc-exp
1600 Script Info: | h2
1601 Script Info: |_ http/1.1
1602 Script Info: | tls-nextprotoneg:
1603 Script Info: | grpc-exp
1604 Script Info: | h2
1605 Script Info: |_ http/1.1
1606 IP: 172.253.112.0
1607 Type: SPF
1608 Is Active: False
1609 IP: 108.177.96.0
1610 Type: SPF
1611 Is Active: False
1612 IP: 172.217.32.0
1613 Type: SPF
1614 Is Active: False
1615 IP: 172.253.56.0
1616 Type: SPF
1617 Is Active: False
1618 IP: 172.217.192.0
1619 Type: SPF
1620 Is Active: False
1621 IP: 173.194.0.0
1622 Type: SPF
1623 Is Active: False
1624 IP: 74.125.0.0
1625 Type: SPF
1626 Is Active: False
1627 IP: 130.211.0.0
1628 Type: SPF
1629 Is Active: False
1630 IP: 172.217.128.0
1631 Type: SPF
1632 Is Active: True (reset ttl 243)
1633 Script Info: Device type: firewall|general purpose|printer
1634 IP: 97.74.101.22
1635 HostName: ns43.domaincontrol.com Type: NS
1636 HostName: ns43.domaincontrol.com Type: PTR
1637 Country: United States
1638 Is Active: True (echo-reply ttl 53)
1639 Port: 53/tcp open tcpwrapped syn-ack ttl 57
1640 IP: 173.201.69.22
1641 HostName: ns44.domaincontrol.com Type: NS
1642 HostName: ns44.domaincontrol.com Type: PTR
1643 Country: United States
1644 Is Active: True (echo-reply ttl 57)
1645 Port: 53/tcp open tcpwrapped syn-ack ttl 53
1646 IP: 216.239.32.0
1647 Type: SPF
1648 Is Active: False
1649 IP: 172.253.118.27
1650 HostName: alt2.aspmx.l.google.com Type: MX
1651 HostName: aspmx3.googlemail.com Type: MX
1652 Country: United States
1653 Is Active: True (syn-ack ttl 101)
1654 Port: 25/tcp open smtp syn-ack ttl 104 Google gsmtp
1655 Script Info: | smtp-commands: mx.google.com at your service, [84.17.52.5], SIZE 157286400, 8BITMIME, STARTTLS, ENHANCEDSTATUSCODES, PIPELINING, CHUNKING, SMTPUTF8,
1656 Script Info: |_ 2.0.0 https://www.google.com/search?btnI&q=RFC+5321 y63si3757681pfy.122 - gsmtp
1657 Script Info: | ssl-cert: Subject: commonName=mx.google.com/organizationName=Google LLC/stateOrProvinceName=California/countryName=US
1658 Script Info: | Subject Alternative Name: DNS:mx.google.com, DNS:alt1.aspmx.l.google.com, DNS:alt1.gmail-smtp-in.l.google.com, DNS:alt1.gmr-smtp-in.l.google.com, DNS:alt2.aspmx.l.google.com, DNS:alt2.gmail-smtp-in.l.google.com, DNS:alt2.gmr-smtp-in.l.google.com, DNS:alt3.aspmx.l.google.com, DNS:alt3.gmail-smtp-in.l.google.com, DNS:alt3.gmr-smtp-in.l.google.com, DNS:alt4.aspmx.l.google.com, DNS:alt4.gmail-smtp-in.l.google.com, DNS:alt4.gmr-smtp-in.l.google.com, DNS:aspmx.l.google.com, DNS:aspmx2.googlemail.com, DNS:aspmx3.googlemail.com, DNS:aspmx4.googlemail.com, DNS:aspmx5.googlemail.com, DNS:gmail-smtp-in.l.google.com, DNS:gmr-mx.google.com, DNS:gmr-smtp-in.l.google.com, DNS:mx1.smtp.goog, DNS:mx2.smtp.goog, DNS:mx3.smtp.goog, DNS:mx4.smtp.goog
1659 Script Info: | Issuer: commonName=GTS CA 1O1/organizationName=Google Trust Services/countryName=US
1660 Script Info: | Public Key type: rsa
1661 Script Info: | Public Key bits: 2048
1662 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1663 Script Info: | Not valid before: 2020-02-25T20:43:24
1664 Script Info: | Not valid after: 2020-05-19T20:43:24
1665 Script Info: | MD5: 2738 1c01 ccd8 4e62 f9b3 08d1 1fea ba05
1666 Script Info: |_SHA-1: 320e ca4f 2b8b 89e9 4ed0 1f65 f18d d1c6 8b14 d0b3
1667 Script Info: |_ssl-date: 2020-03-12T13:36:19+00:00; -4s from scanner time.
1668 Script Info: Device type: specialized|PBX|printer
1669 Os Info: Host: mx.google.com
1670 Script Info: |_clock-skew: -4s
1671 IP: 172.217.160.0
1672 Type: SPF
1673 Is Active: True (echo-reply ttl 46)
1674 Port: 80/tcp open http syn-ack ttl 122 gws
1675 Script Info: | fingerprint-strings:
1676 Script Info: | GetRequest:
1677 Script Info: | HTTP/1.0 200 OK
1678 Script Info: | Date: Thu, 12 Mar 2020 13:36:35 GMT
1679 Script Info: | Expires: -1
1680 Script Info: | Cache-Control: private, max-age=0
1681 Script Info: | Content-Type: text/html; charset=ISO-8859-1
1682 Script Info: | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
1683 Script Info: | Server: gws
1684 Script Info: | X-XSS-Protection: 0
1685 Script Info: | X-Frame-Options: SAMEORIGIN
1686 Script Info: | Set-Cookie: 1P_JAR=2020-03-12-13; expires=Sat, 11-Apr-2020 13:36:35 GMT; path=/; domain=.google.com; Secure
1687 Script Info: | Set-Cookie: NID=200=sC9IDTHJPsrV2j_cc0vlkGpDTIIo-uupsN183hdZnR-evwp3blaXugNTlUebCXwkz0idwEdNc9b4zavJMPK8_AizfQqY4ALZhbaK6YX9Pvim9VxmdCeBDpfQQjK6t_ZLqkfw3DKJBagjVuBpsv4ilhiZz1weTmaksUpEJj7SDxI; expires=Fri, 11-Sep-2020 13:36:35 GMT; path=/; domain=.google.com; HttpOnly
1688 Script Info: | Accept-Ranges: none
1689 Script Info: | Vary: Accept-Encoding
1690 Script Info: | <!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en-GB"><head><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg
1691 Script Info: | HTTPOptions:
1692 Script Info: | HTTP/1.0 405 Method Not Allowed
1693 Script Info: | Allow: GET, HEAD
1694 Script Info: | Date: Thu, 12 Mar 2020 13:36:36 GMT
1695 Script Info: | Content-Type: text/html; charset=UTF-8
1696 Script Info: | Server: gws
1697 Script Info: | Content-Length: 1592
1698 Script Info: | X-XSS-Protection: 0
1699 Script Info: | X-Frame-Options: SAMEORIGIN
1707 Script Info: |_http-favicon: Google
1708 Script Info: | http-methods:
1709 Script Info: |_ Supported Methods: GET HEAD
1710 Script Info: | http-robots.txt: 217 disallowed entries (15 shown)
1711 Script Info: | /search /sdch /groups /index.html? /? /?hl=*&
1712 Script Info: |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
1713 Script Info: |_http-server-header: gws
1714 Script Info: |_http-title: Did not follow redirect to http://www.google.com/
1715 Port: 443/tcp open ssl/https syn-ack ttl 122 gws
1716 Script Info: | fingerprint-strings:
1717 Script Info: | GetRequest:
1718 Script Info: | HTTP/1.0 200 OK
1719 Script Info: | Date: Thu, 12 Mar 2020 13:36:43 GMT
1720 Script Info: | Expires: -1
1721 Script Info: | Cache-Control: private, max-age=0
1722 Script Info: | Content-Type: text/html; charset=ISO-8859-1
1723 Script Info: | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
1724 Script Info: | Server: gws
1725 Script Info: | X-XSS-Protection: 0
1726 Script Info: | X-Frame-Options: SAMEORIGIN
1727 Script Info: | Set-Cookie: 1P_JAR=2020-03-12-13; expires=Sat, 11-Apr-2020 13:36:43 GMT; path=/; domain=.google.com; Secure
1728 Script Info: | Set-Cookie: NID=200=pB3i70Pj7BS1DGhBiUENo-nExAAGi-TQw5OB7oNGEfs2WXQ8PyJL8mtTAFzAR9NWvGvyB6_2SkrKRqdZ_3AXbsuUat3mt5aw06NMQSoOXZpWAXNsLYF74E5H4hTNRSjiy04-1JeV0vWeYv9Yc9-9rgJ5vgn6Wwi6KIWg5QDHs7M; expires=Fri, 11-Sep-2020 13:36:43 GMT; path=/; domain=.google.com; HttpOnly
1729 Script Info: | Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
1730 Script Info: | Accept-Ranges: none
1731 Script Info: | Vary: Accept-Encoding
1732 Script Info: | <!doctype html><
1733 Script Info: | HTTPOptions:
1734 Script Info: | HTTP/1.0 405 Method Not Allowed
1735 Script Info: | Allow: GET, HEAD
1736 Script Info: | Date: Thu, 12 Mar 2020 13:36:46 GMT
1737 Script Info: | Content-Type: text/html; charset=UTF-8
1738 Script Info: | Server: gws
1739 Script Info: | Content-Length: 1592
1740 Script Info: | X-XSS-Protection: 0
1741 Script Info: | X-Frame-Options: SAMEORIGIN
1742 Script Info: | Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
1750 Script Info: |_http-favicon: Google
1751 Script Info: | http-methods:
1752 Script Info: |_ Supported Methods: GET HEAD
1753 Script Info: | http-robots.txt: 217 disallowed entries (15 shown)
1754 Script Info: | /search /sdch /groups /index.html? /? /?hl=*&
1755 Script Info: |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
1756 Script Info: |_http-server-header: gws
1757 Script Info: |_http-title: Did not follow redirect to http://www.google.com/
1758 Script Info: | ssl-cert: Subject: commonName=invalid2.invalid
1759 Script Info: | Issuer: commonName=invalid2.invalid
1760 Script Info: | Public Key type: rsa
1761 Script Info: | Public Key bits: 2048
1762 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1763 Script Info: | Not valid before: 2015-01-01T00:00:00
1764 Script Info: | Not valid after: 2030-01-01T00:00:00
1765 Script Info: | MD5: 904a c8d5 445a d06a 8a10 ffcd 8b11 be16
1766 Script Info: |_SHA-1: 4259 517c d4e4 8a28 9d33 2ab3 f0ab 52a3 6632 2824
1767 Script Info: |_ssl-date: 2020-03-12T13:39:02+00:00; -4s from scanner time.
1768 Script Info: | tls-alpn:
1769 Script Info: | grpc-exp
1770 Script Info: | h2
1771 Script Info: |_ http/1.1
1772 Script Info: | tls-nextprotoneg:
1773 Script Info: | grpc-exp
1774 Script Info: | h2
1775 Script Info: |_ http/1.1
1776 IP: 66.102.0.0
1777 Type: SPF
1778 Is Active: False
1779 IP: 108.177.8.0
1780 Type: SPF
1781 Is Active: False
1782 IP: 107.180.28.114
1783 HostName: www.paltahass.cl. Type: A
1784 HostName: mail.paltahass.cl. Type: A
1785 HostName: ip-107-180-28-114.ip.secureserver.net Type: PTR
1786 Country: United States
1787 Is Active: False
1788 IP: 209.85.128.0
1789 Type: SPF
1790 Is Active: False
1791 IP: 172.217.0.0
1792 Type: SPF
1793 Is Active: True (echo-reply ttl 53)
1794 Port: 80/tcp open http syn-ack ttl 122 gws
1795 Script Info: | fingerprint-strings:
1796 Script Info: | GetRequest:
1797 Script Info: | HTTP/1.0 200 OK
1798 Script Info: | Date: Thu, 12 Mar 2020 13:39:23 GMT
1799 Script Info: | Expires: -1
1800 Script Info: | Cache-Control: private, max-age=0
1801 Script Info: | Content-Type: text/html; charset=ISO-8859-1
1802 Script Info: | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
1803 Script Info: | Server: gws
1804 Script Info: | X-XSS-Protection: 0
1805 Script Info: | X-Frame-Options: SAMEORIGIN
1806 Script Info: | Set-Cookie: 1P_JAR=2020-03-12-13; expires=Sat, 11-Apr-2020 13:39:23 GMT; path=/; domain=.google.com; Secure
1807 Script Info: | Set-Cookie: NID=200=BZjxO6S3TIYoUERcLzyXuSHzR3LaPIia1vQS7BlBhvx03c_Zu5yBtt13pKCqwdxV1ixXMGDHgMq9N8OpTXC77me-2dtpbNDiR7ImyxGo8Wk4oplQ0boehpd8aHrabC4VSGGhdHGcmhHt1kes7mDNUmf4KDmr0P79UJzQVS6u5_U; expires=Fri, 11-Sep-2020 13:39:23 GMT; path=/; domain=.google.com; HttpOnly
1808 Script Info: | Accept-Ranges: none
1809 Script Info: | Vary: Accept-Encoding
1810 Script Info: | <!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en-GB"><head><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg
1811 Script Info: | HTTPOptions:
1812 Script Info: | HTTP/1.0 405 Method Not Allowed
1813 Script Info: | Allow: GET, HEAD
1814 Script Info: | Date: Thu, 12 Mar 2020 13:39:23 GMT
1815 Script Info: | Content-Type: text/html; charset=UTF-8
1816 Script Info: | Server: gws
1817 Script Info: | Content-Length: 1592
1818 Script Info: | X-XSS-Protection: 0
1819 Script Info: | X-Frame-Options: SAMEORIGIN
1827 Script Info: |_http-favicon: Google
1828 Script Info: | http-methods:
1829 Script Info: |_ Supported Methods: GET HEAD
1830 Script Info: | http-robots.txt: 217 disallowed entries (15 shown)
1831 Script Info: | /search /sdch /groups /index.html? /? /?hl=*&
1832 Script Info: |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
1833 Script Info: |_http-server-header: gws
1834 Script Info: |_http-title: Did not follow redirect to http://www.google.com/
1835 Port: 443/tcp open ssl/https syn-ack ttl 122 gws
1836 Script Info: | fingerprint-strings:
1837 Script Info: | GetRequest:
1838 Script Info: | HTTP/1.0 200 OK
1839 Script Info: | Date: Thu, 12 Mar 2020 13:39:30 GMT
1840 Script Info: | Expires: -1
1841 Script Info: | Cache-Control: private, max-age=0
1842 Script Info: | Content-Type: text/html; charset=ISO-8859-1
1843 Script Info: | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
1844 Script Info: | Server: gws
1845 Script Info: | X-XSS-Protection: 0
1846 Script Info: | X-Frame-Options: SAMEORIGIN
1847 Script Info: | Set-Cookie: 1P_JAR=2020-03-12-13; expires=Sat, 11-Apr-2020 13:39:30 GMT; path=/; domain=.google.com; Secure
1848 Script Info: | Set-Cookie: NID=200=Hpc4ABLKfBkd-Dut_rP3Fe47wqX9_6RWtf_ZcjFFHyeQYG9j7wDiSsjYn0EW1nq_84kpQmLrCMwjbmYjX93ltFY3sVoWZ_c5wP95z5ADFYvdQKw3BlE4qfB-lK0kCv7580a2K0coWNDAHBgTMiwuqmr4MUz4vr0ZWEFHy1I_C2I; expires=Fri, 11-Sep-2020 13:39:30 GMT; path=/; domain=.google.com; HttpOnly
1849 Script Info: | Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
1850 Script Info: | Accept-Ranges: none
1851 Script Info: | Vary: Accept-Encoding
1852 Script Info: | <!doctype html><
1853 Script Info: | HTTPOptions:
1854 Script Info: | HTTP/1.0 405 Method Not Allowed
1855 Script Info: | Allow: GET, HEAD
1856 Script Info: | Date: Thu, 12 Mar 2020 13:39:31 GMT
1857 Script Info: | Content-Type: text/html; charset=UTF-8
1858 Script Info: | Server: gws
1859 Script Info: | Content-Length: 1592
1860 Script Info: | X-XSS-Protection: 0
1861 Script Info: | X-Frame-Options: SAMEORIGIN
1862 Script Info: | Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
1870 Script Info: |_http-favicon: Google
1871 Script Info: | http-methods:
1872 Script Info: |_ Supported Methods: GET HEAD
1873 Script Info: | http-robots.txt: 217 disallowed entries (15 shown)
1874 Script Info: | /search /sdch /groups /index.html? /? /?hl=*&
1875 Script Info: |_/?hl=*&*&gws_rd=ssl /imgres /u/ /preferences /setprefs /default /m? /m/ /wml?
1876 Script Info: |_http-server-header: gws
1877 Script Info: |_http-title: Did not follow redirect to http://www.google.com/
1878 Script Info: | ssl-cert: Subject: commonName=invalid2.invalid
1879 Script Info: | Issuer: commonName=invalid2.invalid
1880 Script Info: | Public Key type: rsa
1881 Script Info: | Public Key bits: 2048
1882 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1883 Script Info: | Not valid before: 2015-01-01T00:00:00
1884 Script Info: | Not valid after: 2030-01-01T00:00:00
1885 Script Info: | MD5: 904a c8d5 445a d06a 8a10 ffcd 8b11 be16
1886 Script Info: |_SHA-1: 4259 517c d4e4 8a28 9d33 2ab3 f0ab 52a3 6632 2824
1887 Script Info: |_ssl-date: 2020-03-12T13:41:16+00:00; -4s from scanner time.
1888 Script Info: | tls-alpn:
1889 Script Info: | grpc-exp
1890 Script Info: | h2
1891 Script Info: |_ http/1.1
1892 Script Info: | tls-nextprotoneg:
1893 Script Info: | grpc-exp
1894 Script Info: | h2
1895 Script Info: |_ http/1.1
1896 IP: 35.190.247.0
1897 Type: SPF
1898 Is Active: True (echo-reply ttl 56)
1899 Port: 25/tcp open tcpwrapped syn-ack ttl 122
1900 Script Info: |_smtp-commands: Couldn't establish connection on port 25
1901 Port: 80/tcp open http syn-ack ttl 122
1902 Script Info: | fingerprint-strings:
1903 Script Info: | GetRequest, HTTPOptions:
1904 Script Info: | HTTP/1.0 404 Not Found
1905 Script Info: | Content-Type: text/html; charset=UTF-8
1906 Script Info: | Referrer-Policy: no-referrer
1907 Script Info: | Content-Length: 1561
1908 Script Info: | Date: Thu, 12 Mar 2020 13:41:30 GMT
1916 Script Info: |_http-title: Error 404 (Not Found)!!1
1917 Port: 110/tcp open tcpwrapped syn-ack ttl 122
1918 Port: 143/tcp open tcpwrapped syn-ack ttl 122
1919 Port: 443/tcp open tcpwrapped syn-ack ttl 122
1920 Port: 465/tcp open tcpwrapped syn-ack ttl 122
1921 Script Info: |_smtp-commands: Couldn't establish connection on port 465
1922 Port: 587/tcp open tcpwrapped syn-ack ttl 122
1923 Script Info: |_smtp-commands: Couldn't establish connection on port 587
1924 Port: 993/tcp open tcpwrapped syn-ack ttl 122
1925 Port: 995/tcp open tcpwrapped syn-ack ttl 122
1926 Port: 3389/tcp open tcpwrapped syn-ack ttl 122
1927 Port: 5432/tcp open tcpwrapped syn-ack ttl 122
1928 Port: 5900/tcp open tcpwrapped syn-ack ttl 122
1929 Port: 8080/tcp open http-proxy syn-ack ttl 122
1930 Script Info: | fingerprint-strings:
1931 Script Info: | GetRequest, HTTPOptions:
1932 Script Info: | HTTP/1.0 404 Not Found
1933 Script Info: | Content-Type: text/html; charset=UTF-8
1934 Script Info: | Referrer-Policy: no-referrer
1935 Script Info: | Content-Length: 1561
1936 Script Info: | Date: Thu, 12 Mar 2020 13:41:30 GMT
1944 Script Info: |_http-title: Error 404 (Not Found)!!1
1945 IP: 72.14.192.0
1946 Type: SPF
1947 Is Active: True (echo-reply ttl 56)
1948 Port: 25/tcp open smtp syn-ack ttl 108 Google gsmtp
1949 Script Info: | smtp-commands: mx.google.com at your service, [84.17.52.5], SIZE 35882577, 8BITMIME, STARTTLS, ENHANCEDSTATUSCODES, PIPELINING, CHUNKING, SMTPUTF8,
1950 Script Info: |_ 2.0.0 https://www.google.com/search?btnI&q=RFC+5321 k12sm15588957wrv.88 - gsmtp
1951 Script Info: | ssl-cert: Subject: commonName=smtp.gmail.com/organizationName=Google LLC/stateOrProvinceName=California/countryName=US
1952 Script Info: | Subject Alternative Name: DNS:smtp.gmail.com
1953 Script Info: | Issuer: commonName=GTS CA 1O1/organizationName=Google Trust Services/countryName=US
1954 Script Info: | Public Key type: rsa
1955 Script Info: | Public Key bits: 2048
1956 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1957 Script Info: | Not valid before: 2020-01-14T15:22:17
1958 Script Info: | Not valid after: 2021-01-08T15:22:17
1959 Script Info: | MD5: c226 06b4 a44b 79fa 923b 3885 dfd5 94b1
1960 Script Info: |_SHA-1: 9188 cfd3 e52f c704 5bf4 705c 3851 2c5c e235 064a
1961 Script Info: |_ssl-date: 2020-03-12T13:49:16+00:00; -4s from scanner time.
1962 Port: 80/tcp open http syn-ack ttl 108 Google httpd
1963 Script Info: | http-methods:
1964 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1965 Script Info: |_http-server-header: ghs
1966 Script Info: |_http-title: Error 404 (Not Found)!!1
1967 Port: 443/tcp open ssl/https? syn-ack ttl 108
1968 Port: 465/tcp open ssl/smtp syn-ack ttl 108 Google gsmtp
1969 Script Info: |_smtp-commands: SMTP EHLO nmap.scanme.org: failed to receive data: failed to receive data
1970 Script Info: | ssl-cert: Subject: commonName=smtp.gmail.com/organizationName=Google LLC/stateOrProvinceName=California/countryName=US
1971 Script Info: | Subject Alternative Name: DNS:smtp.gmail.com
1972 Script Info: | Issuer: commonName=GTS CA 1O1/organizationName=Google Trust Services/countryName=US
1973 Script Info: | Public Key type: rsa
1974 Script Info: | Public Key bits: 2048
1975 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1976 Script Info: | Not valid before: 2020-01-14T15:22:17
1977 Script Info: | Not valid after: 2021-01-08T15:22:17
1978 Script Info: | MD5: c226 06b4 a44b 79fa 923b 3885 dfd5 94b1
1979 Script Info: |_SHA-1: 9188 cfd3 e52f c704 5bf4 705c 3851 2c5c e235 064a
1980 Script Info: |_ssl-date: 2020-03-12T13:49:15+00:00; -4s from scanner time.
1981 Port: 587/tcp open smtp syn-ack ttl 108 Google gsmtp
1982 Script Info: | smtp-commands: mx.google.com at your service, [84.17.52.5], SIZE 35882577, 8BITMIME, STARTTLS, ENHANCEDSTATUSCODES, PIPELINING, CHUNKING, SMTPUTF8,
1983 Script Info: |_ 2.0.0 https://www.google.com/search?btnI&q=RFC+5321 e22sm12349674wme.45 - gsmtp
1984 Script Info: | ssl-cert: Subject: commonName=smtp.gmail.com/organizationName=Google LLC/stateOrProvinceName=California/countryName=US
1985 Script Info: | Subject Alternative Name: DNS:smtp.gmail.com
1986 Script Info: | Issuer: commonName=GTS CA 1O1/organizationName=Google Trust Services/countryName=US
1987 Script Info: | Public Key type: rsa
1988 Script Info: | Public Key bits: 2048
1989 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1990 Script Info: | Not valid before: 2020-01-14T15:22:17
1991 Script Info: | Not valid after: 2021-01-08T15:22:17
1992 Script Info: | MD5: c226 06b4 a44b 79fa 923b 3885 dfd5 94b1
1993 Script Info: |_SHA-1: 9188 cfd3 e52f c704 5bf4 705c 3851 2c5c e235 064a
1994 Script Info: |_ssl-date: 2020-03-12T13:49:16+00:00; -4s from scanner time.
1995 Port: 993/tcp open ssl/imap syn-ack ttl 108 Google Gmail imapd (5mb67115728wmy)
1996 Script Info: |_imap-capabilities: CAPABILITY
1997 Script Info: | ssl-cert: Subject: commonName=ghs-ssl.googlehosted.com/organizationName=Google Inc/stateOrProvinceName=California/countryName=US
1998 Script Info: | Subject Alternative Name: DNS:ghs-ssl.googlehosted.com
1999 Script Info: | Issuer: commonName=Google Internet Authority G2/organizationName=Google Inc/countryName=US
2000 Script Info: | Public Key type: rsa
2001 Script Info: | Public Key bits: 2048
2002 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2003 Script Info: | Not valid before: 2015-11-27T08:49:40
2004 Script Info: | Not valid after: 2016-11-26T00:00:00
2005 Script Info: | MD5: fe82 6dc4 7414 1ec6 186e 2a96 928b e8f9
2006 Script Info: |_SHA-1: 12ca fdcc 0f42 c1cf e45f 4d5e bd10 503a c109 650e
2007 Script Info: |_ssl-date: 2020-03-12T13:49:15+00:00; -4s from scanner time.
2008 Port: 995/tcp open ssl/pop3 syn-ack ttl 108 Google Gmail pop3d (p16mb1470564wrm)
2009 Script Info: | ssl-cert: Subject: commonName=ghs-ssl.googlehosted.com/organizationName=Google Inc/stateOrProvinceName=California/countryName=US
2010 Script Info: | Subject Alternative Name: DNS:ghs-ssl.googlehosted.com
2011 Script Info: | Issuer: commonName=Google Internet Authority G2/organizationName=Google Inc/countryName=US
2012 Script Info: | Public Key type: rsa
2013 Script Info: | Public Key bits: 2048
2014 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2015 Script Info: | Not valid before: 2015-11-27T08:49:40
2016 Script Info: | Not valid after: 2016-11-26T00:00:00
2017 Script Info: | MD5: fe82 6dc4 7414 1ec6 186e 2a96 928b e8f9
2018 Script Info: |_SHA-1: 12ca fdcc 0f42 c1cf e45f 4d5e bd10 503a c109 650e
2019 Script Info: |_ssl-date: 2020-03-12T13:49:15+00:00; -4s from scanner time.
2020 Os Info: Host: mx.google.com
2021 Script Info: |_clock-skew: mean: -4s, deviation: 0s, median: -4s
2022 IP: 66.249.80.0
2023 Type: SPF
2024 Is Active: False
2025 IP: 209.85.233.27
2026 HostName: alt1.aspmx.l.google.com Type: MX
2027 HostName: lr-in-f27.1e100.net Type: PTR
2028 HostName: aspmx2.googlemail.com Type: MX
2029 Country: United States
2030 Is Active: True (echo-reply ttl 45)
2031 Port: 25/tcp open smtp syn-ack ttl 108 Google gsmtp
2032 Script Info: | smtp-commands: mx.google.com at your service, [84.17.52.5], SIZE 157286400, 8BITMIME, STARTTLS, ENHANCEDSTATUSCODES, PIPELINING, CHUNKING, SMTPUTF8,
2033 Script Info: |_ 2.0.0 https://www.google.com/search?btnI&q=RFC+5321 l10si4729794lfg.183 - gsmtp
2034 Script Info: | ssl-cert: Subject: commonName=mx.google.com/organizationName=Google LLC/stateOrProvinceName=California/countryName=US
2035 Script Info: | Subject Alternative Name: DNS:mx.google.com, DNS:alt1.aspmx.l.google.com, DNS:alt1.gmail-smtp-in.l.google.com, DNS:alt1.gmr-smtp-in.l.google.com, DNS:alt2.aspmx.l.google.com, DNS:alt2.gmail-smtp-in.l.google.com, DNS:alt2.gmr-smtp-in.l.google.com, DNS:alt3.aspmx.l.google.com, DNS:alt3.gmail-smtp-in.l.google.com, DNS:alt3.gmr-smtp-in.l.google.com, DNS:alt4.aspmx.l.google.com, DNS:alt4.gmail-smtp-in.l.google.com, DNS:alt4.gmr-smtp-in.l.google.com, DNS:aspmx.l.google.com, DNS:aspmx2.googlemail.com, DNS:aspmx3.googlemail.com, DNS:aspmx4.googlemail.com, DNS:aspmx5.googlemail.com, DNS:gmail-smtp-in.l.google.com, DNS:gmr-mx.google.com, DNS:gmr-smtp-in.l.google.com, DNS:mx1.smtp.goog, DNS:mx2.smtp.goog, DNS:mx3.smtp.goog, DNS:mx4.smtp.goog
2036 Script Info: | Issuer: commonName=GTS CA 1O1/organizationName=Google Trust Services/countryName=US
2037 Script Info: | Public Key type: rsa
2038 Script Info: | Public Key bits: 2048
2039 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2040 Script Info: | Not valid before: 2020-02-25T20:43:24
2041 Script Info: | Not valid after: 2020-05-19T20:43:24
2042 Script Info: | MD5: 2738 1c01 ccd8 4e62 f9b3 08d1 1fea ba05
2043 Script Info: |_SHA-1: 320e ca4f 2b8b 89e9 4ed0 1f65 f18d d1c6 8b14 d0b3
2044 Script Info: |_ssl-date: 2020-03-12T13:50:44+00:00; -4s from scanner time.
2045 Os Info: Host: mx.google.com
2046 Script Info: |_clock-skew: -4s
2047 IP: 35.191.0.0
2048 Type: SPF
2049 Is Active: False
2050 IP: 74.125.133.27
2051 HostName: aspmx.l.google.com Type: MX
2052 HostName: wo-in-f27.1e100.net Type: PTR
2053 Country: United States
2054 Is Active: True (echo-reply ttl 45)
2055 Port: 25/tcp open smtp syn-ack ttl 108 Google gsmtp
2056 Script Info: | smtp-commands: mx.google.com at your service, [84.17.52.5], SIZE 157286400, 8BITMIME, STARTTLS, ENHANCEDSTATUSCODES, PIPELINING, CHUNKING, SMTPUTF8,
2057 Script Info: |_ 2.0.0 https://www.google.com/search?btnI&q=RFC+5321 a26si4422535wmm.33 - gsmtp
2058 Script Info: | ssl-cert: Subject: commonName=mx.google.com/organizationName=Google LLC/stateOrProvinceName=California/countryName=US
2059 Script Info: | Subject Alternative Name: DNS:mx.google.com, DNS:alt1.aspmx.l.google.com, DNS:alt1.gmail-smtp-in.l.google.com, DNS:alt1.gmr-smtp-in.l.google.com, DNS:alt2.aspmx.l.google.com, DNS:alt2.gmail-smtp-in.l.google.com, DNS:alt2.gmr-smtp-in.l.google.com, DNS:alt3.aspmx.l.google.com, DNS:alt3.gmail-smtp-in.l.google.com, DNS:alt3.gmr-smtp-in.l.google.com, DNS:alt4.aspmx.l.google.com, DNS:alt4.gmail-smtp-in.l.google.com, DNS:alt4.gmr-smtp-in.l.google.com, DNS:aspmx.l.google.com, DNS:aspmx2.googlemail.com, DNS:aspmx3.googlemail.com, DNS:aspmx4.googlemail.com, DNS:aspmx5.googlemail.com, DNS:gmail-smtp-in.l.google.com, DNS:gmr-mx.google.com, DNS:gmr-smtp-in.l.google.com, DNS:mx1.smtp.goog, DNS:mx2.smtp.goog, DNS:mx3.smtp.goog, DNS:mx4.smtp.goog
2060 Script Info: | Issuer: commonName=GTS CA 1O1/organizationName=Google Trust Services/countryName=US
2061 Script Info: | Public Key type: rsa
2062 Script Info: | Public Key bits: 2048
2063 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2064 Script Info: | Not valid before: 2020-02-25T20:43:24
2065 Script Info: | Not valid after: 2020-05-19T20:43:24
2066 Script Info: | MD5: 2738 1c01 ccd8 4e62 f9b3 08d1 1fea ba05
2067 Script Info: |_SHA-1: 320e ca4f 2b8b 89e9 4ed0 1f65 f18d d1c6 8b14 d0b3
2068 Script Info: |_ssl-date: 2020-03-12T13:51:08+00:00; -4s from scanner time.
2069 Os Info: Host: mx.google.com
2070 Script Info: |_clock-skew: -4s
2071 IP: 64.233.160.0
2072 Type: SPF
2073 Is Active: False
2074
2075--------------End Summary --------------
2076-----------------------------------------
2077######################################################################################################################################
2078----- paltahass.cl -----
2079
2080
2081Host's addresses:
2082__________________
2083
2084paltahass.cl. 10800 IN A 107.180.28.114
2085
2086
2087Name Servers:
2088______________
2089
2090ns44.domaincontrol.com. 86400 IN A 173.201.69.22
2091ns43.domaincontrol.com. 86400 IN A 97.74.101.22
2092
2093
2094Mail (MX) Servers:
2095___________________
2096
2097aspmx3.googlemail.com. 293 IN A 172.253.118.26
2098alt2.aspmx.l.google.com. 293 IN A 172.253.118.26
2099alt1.aspmx.l.google.com. 293 IN A 209.85.233.26
2100aspmx.l.google.com. 293 IN A 64.233.167.26
2101aspmx2.googlemail.com. 293 IN A 209.85.233.26
2102
2103
2104Trying Zone Transfers and getting Bind Versions:
2105_________________________________________________
2106
2107
2108Trying Zone Transfer for paltahass.cl on ns44.domaincontrol.com ...
2109AXFR record query failed: corrupt packet
2110
2111Trying Zone Transfer for paltahass.cl on ns43.domaincontrol.com ...
2112AXFR record query failed: corrupt packet
2113
2114
2115Scraping paltahass.cl subdomains from Google:
2116______________________________________________
2117
2118
2119 ---- Google search page: 1 ----
2120
2121
2122
2123Google Results:
2124________________
2125
2126 perhaps Google is blocking our queries.
2127 Check manually.
2128
2129
2130Brute forcing with /usr/share/dnsenum/dns.txt:
2131_______________________________________________
2132
2133admin.paltahass.cl. 10800 IN A 107.180.28.114
2134mail.paltahass.cl. 10800 IN A 107.180.28.114
2135www.paltahass.cl. 10800 IN CNAME paltahass.cl.
2136paltahass.cl. 10691 IN A 107.180.28.114
2137
2138
2139Launching Whois Queries:
2140_________________________
2141
2142 whois ip result: 107.180.28.0 -> 107.180.0.0/17
2143
2144
2145paltahass.cl____________
2146
2147 107.180.0.0/17
2148#######################################################################################################################################
2149dnsenum VERSION:1.2.6
2150
2151----- www.paltahass.cl -----
2152
2153
2154Host's addresses:
2155__________________
2156
2157paltahass.cl. 8601 IN A 107.180.28.114
2158
2159
2160Name Servers:
2161______________
2162
2163ns44.domaincontrol.com. 86112 IN A 173.201.69.22
2164ns43.domaincontrol.com. 86112 IN A 97.74.101.22
2165
2166
2167Mail (MX) Servers:
2168___________________
2169
2170alt1.aspmx.l.google.com. 293 IN A 209.85.233.26
2171alt2.aspmx.l.google.com. 293 IN A 172.253.118.27
2172aspmx.l.google.com. 293 IN A 64.233.167.27
2173aspmx2.googlemail.com. 293 IN A 209.85.233.27
2174aspmx3.googlemail.com. 293 IN A 172.253.118.27
2175
2176
2177######################################################################################################################################
Source: whois.arin.net
IP Address: 107.180.28.114
Name: GO-DADDY-COM-LLC
Handle: NET-107-180-0-0-1
Registration Date: 2/11/14
Range: 107.180.0.0-107.180.127.255
Org: GoDaddy.com, LLC
Org Handle: GODAD
Address: 14455 N Hayden Road
City: Scottsdale
State/Province: AZ
Postal Code: 85260
Country: United States
Name Servers:
2205######################################################################################################################################
2206URLCrazy Domain Report
2207Domain : www.paltahass.cl
2208Keyboard : qwerty
2209At : 2020-03-12 08:40:56 -0400
2210
2211# Please wait. 164 hostnames to process
2212
2213Typo Type Typo DNS-A CC-A DNS-MX Extn
2214-----------------------------------------------------------------------------------------------------------
2215Character Omission ww.paltahass.cl ? cl
2216Character Omission www.altahass.cl ? cl
2217Character Omission www.palahass.cl ? cl
2218Character Omission www.paltaass.cl ? cl
2219Character Omission www.paltahas.cl ? cl
2220Character Omission www.paltahss.cl ? cl
2221Character Omission www.palthass.cl ? cl
2222Character Omission www.patahass.cl ? cl
2223Character Omission www.pltahass.cl ? cl
2224Character Omission wwwpaltahass.cl ? cl
2225Character Repeat www.paaltahass.cl ? cl
2226Character Repeat www.palltahass.cl ? cl
2227Character Repeat www.paltaahass.cl ? cl
2228Character Repeat www.paltahaass.cl ? cl
2229Character Repeat www.paltahasss.cl ? cl
2230Character Repeat www.paltahhass.cl ? cl
2231Character Repeat www.palttahass.cl ? cl
2232Character Repeat www.ppaltahass.cl ? cl
2233Character Repeat wwww.paltahass.cl ? cl
2234Character Swap ww.wpaltahass.cl ? cl
2235Character Swap www.apltahass.cl ? cl
2236Character Swap www.palathass.cl ? cl
2237Character Swap www.paltaahss.cl ? cl
2238Character Swap www.paltahass.lc ? lc
2239Character Swap www.paltahsas.cl ? cl
2240Character Swap www.palthaass.cl ? cl
2241Character Swap www.patlahass.cl ? cl
2242Character Swap www.platahass.cl ? cl
2243Character Swap wwwp.altahass.cl ? cl
2244Character Replacement eww.paltahass.cl ? cl
2245Character Replacement qww.paltahass.cl ? cl
2246Character Replacement wew.paltahass.cl ? cl
2247Character Replacement wqw.paltahass.cl ? cl
2248Character Replacement wwe.paltahass.cl ? cl
2249Character Replacement wwq.paltahass.cl ? cl
2250Character Replacement www.oaltahass.cl ? cl
2251Character Replacement www.paktahass.cl ? cl
2252Character Replacement www.palrahass.cl ? cl
2253Character Replacement www.paltagass.cl ? cl
2254Character Replacement www.paltahaas.cl ? cl
2255Character Replacement www.paltahads.cl ? cl
2256Character Replacement www.paltahasa.cl ? cl
2257Character Replacement www.paltahasd.cl ? cl
2258Character Replacement www.paltahsss.cl ? cl
2259Character Replacement www.paltajass.cl ? cl
2260Character Replacement www.paltshass.cl ? cl
2261Character Replacement www.palyahass.cl ? cl
2262Character Replacement www.psltahass.cl ? cl
2263Double Character Replacement eew.paltahass.cl ? cl
2264Double Character Replacement qqw.paltahass.cl ? cl
2265Double Character Replacement wee.paltahass.cl ? cl
2266Double Character Replacement wqq.paltahass.cl ? cl
2267Double Character Replacement www.paltahaaa.cl ? cl
2268Double Character Replacement www.paltahadd.cl ? cl
2269Character Insertion weww.paltahass.cl ? cl
2270Character Insertion wqww.paltahass.cl ? cl
2271Character Insertion wwew.paltahass.cl ? cl
2272Character Insertion wwqw.paltahass.cl ? cl
2273Character Insertion www.palktahass.cl ? cl
2274Character Insertion www.paltahasas.cl ? cl
2275Character Insertion www.paltahasds.cl ? cl
2276Character Insertion www.paltahassa.cl ? cl
2277Character Insertion www.paltahassd.cl ? cl
2278Character Insertion www.paltahgass.cl ? cl
2279Character Insertion www.paltahjass.cl ? cl
2280Character Insertion www.paltashass.cl 50.87.144.118 US,UNITED STATES cl
2281Character Insertion www.paltrahass.cl ? cl
2282Character Insertion www.paltyahass.cl ? cl
2283Character Insertion www.pasltahass.cl ? cl
2284Character Insertion www.poaltahass.cl ? cl
2285Character Insertion wwwe.paltahass.cl ? cl
2286Character Insertion wwwq.paltahass.cl ? cl
2287Missing Dot wwwwww.paltahass.cl ? cl
2288Singular or Pluralise paltahas.cl ? cl
2289Singular or Pluralise paltahasses.cl ? cl
2290Vowel Swap www.peltehess.cl ? cl
2291Vowel Swap www.piltihiss.cl ? cl
2292Vowel Swap www.poltohoss.cl ? cl
2293Vowel Swap www.pultuhuss.cl ? cl
2294Bit Flipping 7ww.paltahass.cl ? cl
2295Bit Flipping gww.paltahass.cl ? cl
2296Bit Flipping sww.paltahass.cl ? cl
2297Bit Flipping uww.paltahass.cl ? cl
2298Bit Flipping vww.paltahass.cl ? cl
2299Bit Flipping w7w.paltahass.cl ? cl
2300Bit Flipping wgw.paltahass.cl ? cl
2301Bit Flipping wsw.paltahass.cl ? cl
2302Bit Flipping wuw.paltahass.cl ? cl
2303Bit Flipping wvw.paltahass.cl ? cl
2304Bit Flipping ww7.paltahass.cl ? cl
2305Bit Flipping wwg.paltahass.cl ? cl
2306Bit Flipping wws.paltahass.cl ? cl
2307Bit Flipping wwu.paltahass.cl ? cl
2308Bit Flipping wwv.paltahass.cl ? cl
2309Bit Flipping www.0altahass.cl ? cl
2310Bit Flipping www.padtahass.cl ? cl
2311Bit Flipping www.pahtahass.cl ? cl
2312Bit Flipping www.pal4ahass.cl ? cl
2313Bit Flipping www.paldahass.cl ? cl
2314Bit Flipping www.palpahass.cl ? cl
2315Bit Flipping www.paltaha3s.cl ? cl
2316Bit Flipping www.paltahacs.cl ? cl
2317Bit Flipping www.paltahaqs.cl ? cl
2318Bit Flipping www.paltahars.cl ? cl
2319Bit Flipping www.paltahas3.cl ? cl
2320Bit Flipping www.paltahasc.cl ? cl
2321Bit Flipping www.paltahasq.cl ? cl
2322Bit Flipping www.paltahasr.cl ? cl
2323Bit Flipping www.paltahass.cd ? cd
2324Bit Flipping www.paltahass.ch ? ch
2325Bit Flipping www.paltahass.cm ? cm
2326Bit Flipping www.paltahass.cn ? cn
2327Bit Flipping www.paltahass.gl ? gl
2328Bit Flipping www.paltahass.sl ? sl
2329Bit Flipping www.paltahasw.cl ? cl
2330Bit Flipping www.paltahaws.cl ? cl
2331Bit Flipping www.paltahcss.cl ? cl
2332Bit Flipping www.paltahess.cl ? cl
2333Bit Flipping www.paltahiss.cl ? cl
2334Bit Flipping www.paltahqss.cl ? cl
2335Bit Flipping www.paltaiass.cl ? cl
2336Bit Flipping www.paltalass.cl ? cl
2337Bit Flipping www.paltaxass.cl ? cl
2338Bit Flipping www.paltchass.cl ? cl
2339Bit Flipping www.paltehass.cl ? cl
2340Bit Flipping www.paltihass.cl ? cl
2341Bit Flipping www.paltqhass.cl ? cl
2342Bit Flipping www.paluahass.cl ? cl
2343Bit Flipping www.palvahass.cl ? cl
2344Bit Flipping www.pamtahass.cl ? cl
2345Bit Flipping www.pantahass.cl ? cl
2346Bit Flipping www.pcltahass.cl ? cl
2347Bit Flipping www.peltahass.cl ? cl
2348Bit Flipping www.piltahass.cl ? cl
2349Bit Flipping www.pqltahass.cl ? cl
2350Bit Flipping www.qaltahass.cl ? cl
2351Bit Flipping www.raltahass.cl ? cl
2352Bit Flipping www.taltahass.cl ? cl
2353Bit Flipping www.xaltahass.cl ? cl
2354Bit Flipping wwwnpaltahass.cl ? cl
2355Homoglyphs vvvvvv.paltahass.cl ? cl
2356Homoglyphs vvvvw.paltahass.cl ? cl
2357Homoglyphs vvwvv.paltahass.cl ? cl
2358Homoglyphs vvww.paltahass.cl ? cl
2359Homoglyphs wvvvv.paltahass.cl ? cl
2360Homoglyphs wvvw.paltahass.cl ? cl
2361Homoglyphs wwvv.paltahass.cl ? cl
2362Homoglyphs www.pa1tahass.cl ? cl
2363Wrong TLD paltahass.ca ? ca
2364Wrong TLD paltahass.ch ? ch
2365Wrong TLD paltahass.com 192.232.218.214 paltahass.com com
2366Wrong TLD paltahass.de ? de
2367Wrong TLD paltahass.edu ? edu
2368Wrong TLD paltahass.es ? es
2369Wrong TLD paltahass.fr ? fr
2370Wrong TLD paltahass.it ? it
2371Wrong TLD paltahass.jp ? jp
2372Wrong TLD paltahass.net ? net
2373Wrong TLD paltahass.nl ? nl
2374Wrong TLD paltahass.no ? no
2375Wrong TLD paltahass.org ? org
2376Wrong TLD paltahass.ru ? ru
2377Wrong TLD paltahass.se ? se
2378Wrong TLD paltahass.us ? us
2379#######################################################################################################################################
2380[*] Processing domain www.paltahass.cl
2381[*] Using system resolvers ['10.101.0.243', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
2382[+] Getting nameservers
238397.74.101.22 - ns43.domaincontrol.com
2384173.201.69.22 - ns44.domaincontrol.com
2385[-] Zone transfer failed
2386
2387[+] TXT records found
2388"v=spf1 include:_spf.google.com ~all"
2389
2390[+] MX records found, added to target list
23915 alt1.aspmx.l.google.com.
23925 alt2.aspmx.l.google.com.
23931 aspmx.l.google.com.
239410 aspmx2.googlemail.com.
239510 aspmx3.googlemail.com.
2396
2397[*] Scanning www.paltahass.cl for A records
2398107.180.28.114 - www.paltahass.cl
2399 #######################################################################################################################################
2400[*] Found SPF record:
2401[*] v=spf1 include:_spf.google.com ~all
2402[*] SPF record contains an All item: ~all
2403[*] No DMARC record found. Looking for organizational record
2404[+] No organizational DMARC record
2405[+] Spoofing possible for www.paltahass.cl!
2406######################################################################################################################################
2407WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
2408Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-12 08:56 EDT
2409Nmap scan report for www.paltahass.cl (107.180.28.114)
2410Host is up (0.29s latency).
2411rDNS record for 107.180.28.114: ip-107-180-28-114.ip.secureserver.net
2412Not shown: 495 filtered ports
2413Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
2414PORT STATE SERVICE
241522/tcp open ssh
2416
2417Nmap done: 1 IP address (1 host up) scanned in 15.92 seconds
2418######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-12 08:56 EDT
Nmap scan report for www.paltahass.cl (107.180.28.114)
Host is up.
rDNS record for 107.180.28.114: ip-107-180-28-114.ip.secureserver.net

PORT STATE SERVICE
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp open|filtered netbios-ns
138/udp open|filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
520/udp open|filtered route
2049/udp open|filtered nfs

Nmap done: 1 IP address (1 host up) scanned in 5.45 seconds
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-12 08:56 EDT
NSE: Loaded 51 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 08:56
Completed NSE at 08:56, 0.00s elapsed
Initiating NSE at 08:56
Completed NSE at 08:56, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 08:56
Completed Parallel DNS resolution of 1 host. at 08:56, 0.02s elapsed
Initiating SYN Stealth Scan at 08:56
Scanning www.paltahass.cl (107.180.28.114) [1 port]
Discovered open port 22/tcp on 107.180.28.114
Completed SYN Stealth Scan at 08:56, 0.40s elapsed (1 total ports)
Initiating Service scan at 08:56
Scanning 1 service on www.paltahass.cl (107.180.28.114)
Completed Service scan at 08:56, 0.52s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against www.paltahass.cl (107.180.28.114)
Retrying OS detection (try #2) against www.paltahass.cl (107.180.28.114)
Initiating Traceroute at 08:56
Completed Traceroute at 08:56, 3.26s elapsed
Initiating Parallel DNS resolution of 15 hosts. at 08:56
Completed Parallel DNS resolution of 15 hosts. at 08:56, 0.24s elapsed
NSE: Script scanning 107.180.28.114.
Initiating NSE at 08:56
Completed NSE at 08:57, 42.57s elapsed
Initiating NSE at 08:57
Completed NSE at 08:57, 0.00s elapsed
Nmap scan report for www.paltahass.cl (107.180.28.114)
Host is up (0.37s latency).
rDNS record for 107.180.28.114: ip-107-180-28-114.ip.secureserver.net

PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
|_ssh-auth-methods: ERROR: Script execution failed (use -d to debug)
|_ssh-brute: ERROR: Script execution failed (use -d to debug)
|_ssh-publickey-acceptance: ERROR: Script execution failed (use -d to debug)
|_ssh-run: ERROR: Script execution failed (use -d to debug)
| vulners:
| cpe:/a:openbsd:openssh:5.3:
| CVE-2010-4478 7.5 https://vulners.com/cve/CVE-2010-4478
| CVE-2017-15906 5.0 https://vulners.com/cve/CVE-2017-15906
| CVE-2016-10708 5.0 https://vulners.com/cve/CVE-2016-10708
| CVE-2010-5107 5.0 https://vulners.com/cve/CVE-2010-5107
| CVE-2016-0777 4.0 https://vulners.com/cve/CVE-2016-0777
| CVE-2010-4755 4.0 https://vulners.com/cve/CVE-2010-4755
| CVE-2012-0814 3.5 https://vulners.com/cve/CVE-2012-0814
| CVE-2011-5000 3.5 https://vulners.com/cve/CVE-2011-5000
|_ CVE-2011-4327 2.1 https://vulners.com/cve/CVE-2011-4327
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: WAP|general purpose|router|specialized|storage-misc
Running (JUST GUESSING): Ruckus embedded (92%), Linux 3.X|2.6.X (92%), MikroTik RouterOS 6.X (85%), Tizen (85%), Ubiquiti AirOS 5.X (85%), Synology DiskStation Manager 5.X (85%)
OS CPE: cpe:/h:ruckus:zoneflex_r710 cpe:/o:linux:linux_kernel:3.4 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:mikrotik:routeros:6.34 cpe:/o:tizen:tizen cpe:/o:ubnt:airos:5.2.6 cpe:/a:synology:diskstation_manager:5.2
Aggressive OS guesses: Ruckus ZoneFlex R710 WAP (Linux 3.4) (92%), Linux 2.6.32 (91%), Linux 3.10 (91%), Linux 3.3 (88%), Linux 3.11 (86%), Linux 3.2 (86%), Linux 3.2 - 3.10 (86%), Linux 3.2 - 3.16 (86%), Linux 3.4 (86%), Linux 3.4 - 3.10 (86%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 3.742 days (since Sun Mar 8 15:08:42 2020)
Network Distance: 20 hops
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 22/tcp)
HOP RTT ADDRESS
1 248.07 ms 10.202.3.1
2 248.12 ms unn-84-17-52-126.cdn77.com (84.17.52.126)
3 132.06 ms hu0-1-0-2.rcr51.b021037-0.zrh02.atlas.cogentco.com (149.11.89.129)
4 132.11 ms be3591.ccr51.zrh02.atlas.cogentco.com (130.117.50.182)
5 132.13 ms be3072.ccr21.muc03.atlas.cogentco.com (130.117.0.18)
6 132.19 ms be2959.ccr41.fra03.atlas.cogentco.com (154.54.36.53)
7 132.18 ms be3187.agr41.fra03.atlas.cogentco.com (130.117.1.117)
8 132.16 ms telia.fra03.atlas.cogentco.com (130.117.14.198)
9 248.20 ms ffm-bb1-link.telia.net (62.115.114.88)
10 248.22 ms prs-bb3-link.telia.net (62.115.123.13)
11 325.52 ms ash-bb3-link.telia.net (62.115.122.159)
12 338.79 ms rest-b1-link.telia.net (62.115.117.116)
13 338.84 ms ae5.ibrsb0105-01.iad1.bb.godaddy.com (62.115.162.111)
14 338.81 ms ip-184-168-6-83.ip.secureserver.net (184.168.6.83)
15 ... 19
20 342.46 ms ip-107-180-28-114.ip.secureserver.net (107.180.28.114)

NSE: Script Post-scanning.
Initiating NSE at 08:57
Completed NSE at 08:57, 0.00s elapsed
Initiating NSE at 08:57
Completed NSE at 08:57, 0.00s elapsed
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-12 08:39 EDT
Nmap scan report for ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
Host is up (0.23s latency).
Not shown: 452 filtered ports, 12 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE VERSION
21/tcp open ftp Pure-FTPd
| ssl-cert: Subject: commonName=*.prod.iad2.secureserver.net
| Subject Alternative Name: DNS:*.prod.iad2.secureserver.net, DNS:prod.iad2.secureserver.net
| Not valid before: 2020-01-14T17:52:33
|_Not valid after: 2022-01-14T17:52:33
|_ssl-date: 2020-03-12T12:44:04+00:00; -4s from scanner time.
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
| ssh-hostkey:
| 1024 68:b1:66:a3:cd:70:82:a0:f2:0a:69:c3:44:a5:0b:51 (DSA)
|_ 2048 b1:6b:fc:86:7b:19:21:4b:95:c8:34:ad:ee:04:43:81 (RSA)
25/tcp open smtp?
|_smtp-commands: Couldn't establish connection on port 25
80/tcp open http Apache httpd
|_http-server-header: Apache
|_http-title: Coming Soon
110/tcp open pop3 Dovecot pop3d
|_pop3-capabilities: AUTH-RESP-CODE STLS UIDL TOP PIPELINING RESP-CODES SASL(PLAIN LOGIN) USER CAPA
|_ssl-date: 2020-03-12T12:44:04+00:00; -4s from scanner time.
143/tcp open imap Dovecot imapd
|_imap-capabilities: capabilities AUTH=LOGINA0001 LOGIN-REFERRALS IDLE SASL-IR listed IMAP4rev1 AUTH=PLAIN have NAMESPACE STARTTLS post-login more LITERAL+ OK Pre-login ID ENABLE
|_ssl-date: 2020-03-12T12:44:04+00:00; -4s from scanner time.
443/tcp open ssl/http Apache httpd
|_http-server-header: Apache
|_http-title: 400 Bad Request
| ssl-cert: Subject: commonName=*.prod.iad2.secureserver.net
| Subject Alternative Name: DNS:*.prod.iad2.secureserver.net, DNS:prod.iad2.secureserver.net
| Not valid before: 2020-01-14T17:52:33
|_Not valid after: 2022-01-14T17:52:33
|_ssl-date: TLS randomness does not represent time
| tls-alpn:
| h2
|_ http/1.1
465/tcp open ssl/smtp Exim smtpd 4.92
| smtp-commands: a2plcpnl0708.prod.iad2.secureserver.net Hello ip-107-180-28-114.ip.secureserver.net [84.17.52.5], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, CHUNKING, SMTPUTF8, HELP,
|_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
| ssl-cert: Subject: commonName=*.prod.iad2.secureserver.net
| Subject Alternative Name: DNS:*.prod.iad2.secureserver.net, DNS:prod.iad2.secureserver.net
| Not valid before: 2020-01-14T17:52:33
|_Not valid after: 2022-01-14T17:52:33
|_ssl-date: 2020-03-12T12:43:40+00:00; -4s from scanner time.
587/tcp open smtp Exim smtpd 4.92
| smtp-commands: a2plcpnl0708.prod.iad2.secureserver.net Hello ip-107-180-28-114.ip.secureserver.net [84.17.52.5], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, CHUNKING, STARTTLS, SMTPUTF8, HELP,
|_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
| ssl-cert: Subject: commonName=*.prod.iad2.secureserver.net
| Subject Alternative Name: DNS:*.prod.iad2.secureserver.net, DNS:prod.iad2.secureserver.net
| Not valid before: 2020-01-14T17:52:33
|_Not valid after: 2022-01-14T17:52:33
|_ssl-date: 2020-03-12T12:44:04+00:00; -4s from scanner time.
993/tcp open ssl/imaps?
|_ssl-date: 2020-03-12T12:43:41+00:00; -3s from scanner time.
995/tcp open ssl/pop3s?
|_ssl-date: 2020-03-12T12:43:40+00:00; -4s from scanner time.
3306/tcp open mysql MySQL 5.6.46-cll-lve
| mysql-info:
| Protocol: 10
| Version: 5.6.46-cll-lve
| Thread ID: 2672285
| Capabilities flags: 63487
| Some Capabilities: Support41Auth, Speaks41ProtocolOld, LongColumnFlag, ODBCClient, DontAllowDatabaseTableColumn, LongPassword, ConnectWithDatabase, IgnoreSigpipes, SupportsLoadDataLocal, IgnoreSpaceBeforeParenthesis, SupportsTransactions, Speaks41ProtocolNew, SupportsCompression, FoundRows, InteractiveClient, SupportsAuthPlugins, SupportsMultipleResults, SupportsMultipleStatments
| Status: Autocommit
| Salt: }^?]:JBK3^^>[1!OMt!A
|_ Auth Plugin Name: mysql_native_password
Device type: general purpose|storage-misc|broadband router|router|media device|WAP
Running (JUST GUESSING): Linux 2.6.X|3.X (94%), HP embedded (91%), MikroTik RouterOS 6.X (90%), Infomir embedded (90%), Ubiquiti embedded (90%), Ubiquiti AirOS 5.X (90%)
OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3 cpe:/h:hp:p2000_g3 cpe:/o:mikrotik:routeros:6.32.1 cpe:/o:linux:linux_kernel:2.6 cpe:/h:infomir:mag-250 cpe:/h:ubnt:airmax_nanostation cpe:/o:ubnt:airos:5.5.9
Aggressive OS guesses: Linux 2.6.32 (94%), Linux 2.6.32 - 3.1 (94%), Linux 2.6.32 - 3.13 (94%), Linux 2.6.32 - 2.6.39 (92%), Linux 2.6.39 (92%), Linux 3.10 (92%), Linux 3.2 (92%), HP P2000 G3 NAS device (91%), Linux 3.8 (91%), Linux 2.6.32 - 3.10 (90%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 20 hops
Service Info: Host: a2plcpnl0708.prod.iad2.secureserver.net

Host script results:
|_clock-skew: mean: -3s, deviation: 0s, median: -4s

TRACEROUTE (using port 587/tcp)
HOP RTT ADDRESS
1 279.01 ms 10.202.3.1
2 279.04 ms unn-84-17-52-126.cdn77.com (84.17.52.126)
3 279.05 ms hu0-1-0-2.rcr51.b021037-0.zrh02.atlas.cogentco.com (149.11.89.129)
4 279.06 ms be3591.ccr51.zrh02.atlas.cogentco.com (130.117.50.182)
5 279.07 ms be3072.ccr21.muc03.atlas.cogentco.com (130.117.0.18)
6 279.08 ms be2959.ccr41.fra03.atlas.cogentco.com (154.54.36.53)
7 279.09 ms be3187.agr41.fra03.atlas.cogentco.com (130.117.1.117)
8 279.08 ms telia.fra03.atlas.cogentco.com (130.117.14.198)
9 279.12 ms ffm-bb1-link.telia.net (62.115.114.88)
10 279.15 ms prs-bb3-link.telia.net (62.115.123.13)
11 208.01 ms ash-bb3-link.telia.net (62.115.122.159)
12 432.59 ms rest-b1-link.telia.net (62.115.117.116)
13 320.71 ms ae5.ibrsb0105-01.iad1.bb.godaddy.com (62.115.162.111)
14 432.53 ms ip-184-168-6-83.ip.secureserver.net (184.168.6.83)
15 ... 19
20 432.53 ms ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-12 08:46 EDT
Nmap scan report for ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
Host is up (0.20s latency).
Not shown: 14 filtered ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE VERSION
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp open|filtered netbios-ns
138/udp open|filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
520/udp open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details
Network Distance: 20 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 320.40 ms 10.202.3.1
2 320.43 ms unn-84-17-52-126.cdn77.com (84.17.52.126)
3 320.44 ms hu0-1-0-2.rcr51.b021037-0.zrh02.atlas.cogentco.com (149.11.89.129)
4 320.44 ms be3591.ccr51.zrh02.atlas.cogentco.com (130.117.50.182)
5 320.45 ms be3072.ccr21.muc03.atlas.cogentco.com (130.117.0.18)
6 320.47 ms be2959.ccr41.fra03.atlas.cogentco.com (154.54.36.53)
7 320.47 ms be3186.agr41.fra03.atlas.cogentco.com (130.117.0.2)
8 320.47 ms telia.fra03.atlas.cogentco.com (130.117.14.198)
9 448.32 ms ffm-bb1-link.telia.net (62.115.114.88)
10 208.31 ms prs-bb3-link.telia.net (62.115.123.13)
11 236.68 ms ash-bb2-link.telia.net (62.115.112.242)
12 243.68 ms rest-b1-link.telia.net (62.115.121.216)
13 243.66 ms ae5.ibrsb0105-01.iad1.bb.godaddy.com (62.115.162.111)
14 243.62 ms ip-184-168-6-83.ip.secureserver.net (184.168.6.83)
15 ... 19
20 224.79 ms ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-12 08:51 EDT
NSE: [ftp-brute] usernames: Time limit 3m00s exceeded.
NSE: [ftp-brute] usernames: Time limit 3m00s exceeded.
NSE: [ftp-brute] passwords: Time limit 3m00s exceeded.
Nmap scan report for ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
Host is up (0.27s latency).

PORT STATE SERVICE VERSION
21/tcp open ftp Pure-FTPd
| ftp-brute:
| Accounts: No valid accounts found
|_ Statistics: Performed 3017 guesses in 184 seconds, average tps: 16.0
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 3.11 (92%), Linux 3.4 - 3.10 (92%), Linux 3.5 (92%), Synology DiskStation Manager 5.2-5644 (92%), Linux 2.6.32 - 3.10 (92%), Linux 2.6.32 - 3.13 (92%), Linux 2.6.32 - 3.9 (92%), Linux 2.6.32 (90%), Linux 2.6.32 - 3.1 (90%), Linux 3.10 (90%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 20 hops

TRACEROUTE (using port 21/tcp)
HOP RTT ADDRESS
1 178.30 ms 10.202.3.1
2 178.35 ms unn-84-17-52-126.cdn77.com (84.17.52.126)
3 178.38 ms hu0-1-0-2.rcr51.b021037-0.zrh02.atlas.cogentco.com (149.11.89.129)
4 178.40 ms be3592.ccr52.zrh02.atlas.cogentco.com (154.54.37.150)
5 290.51 ms be3073.ccr22.muc03.atlas.cogentco.com (130.117.0.62)
6 290.58 ms be2960.ccr42.fra03.atlas.cogentco.com (154.54.36.253)
7 290.61 ms be3186.agr41.fra03.atlas.cogentco.com (130.117.0.2)
8 290.59 ms telia.fra03.atlas.cogentco.com (130.117.14.198)
9 290.68 ms ffm-bb2-link.telia.net (62.115.114.90)
10 290.71 ms prs-bb4-link.telia.net (62.115.122.138)
11 ...
12 332.07 ms rest-b1-link.telia.net (62.115.121.216)
13 332.09 ms ae5.ibrsb0105-01.iad1.bb.godaddy.com (62.115.162.111)
14 332.09 ms ip-184-168-6-83.ip.secureserver.net (184.168.6.83)
15 ... 19
20 602.48 ms ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
#######################################################################################################################################
# general
(gen) banner: SSH-2.0-OpenSSH_5.3
(gen) software: OpenSSH 5.3
(gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.56+ (some functionality from 0.52)
(gen) compression: enabled (zlib@openssh.com)

# key exchange algorithms
(kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
 `- [info] available since OpenSSH 4.4
(kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.3.0
(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
(kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
 `- [warn] using small 1024-bit modulus
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28

# host-key algorithms
(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
(key) ssh-rsa-cert-v01@openssh.com -- [info] available since OpenSSH 5.6
(key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
 `- [warn] using small 1024-bit modulus
 `- [warn] using weak random number generator could reveal the key
 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28

# encryption algorithms (ciphers)
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr -- [info] available since OpenSSH 3.7
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher
 `- [info] available since OpenSSH 4.2
(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher
 `- [info] available since OpenSSH 4.2
(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher mode
 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher
 `- [warn] using weak cipher mode
 `- [warn] using small 64-bit block size
 `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [fail] disabled since Dropbear SSH 0.53
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher mode
 `- [warn] using small 64-bit block size
 `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher mode
 `- [warn] using small 64-bit block size
 `- [info] available since OpenSSH 2.1.0
(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher mode
 `- [info] available since OpenSSH 2.3.0
(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher mode
 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher
 `- [info] available since OpenSSH 2.1.0
(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher mode
 `- [info] available since OpenSSH 2.3.0

# message authentication code algorithms
(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using encrypt-and-MAC mode
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
 `- [warn] using small 64-bit tag size
 `- [info] available since OpenSSH 4.7
(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 2.5.0
(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 2.1.0
(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using encrypt-and-MAC mode
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using encrypt-and-MAC mode
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.5.0

# algorithm recommendations (for OpenSSH 5.3)
(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
(rec) -ssh-dss -- key algorithm to remove
(rec) -arcfour -- enc algorithm to remove
(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove
(rec) -blowfish-cbc -- enc algorithm to remove
(rec) -3des-cbc -- enc algorithm to remove
(rec) -aes256-cbc -- enc algorithm to remove
(rec) -arcfour256 -- enc algorithm to remove
(rec) -cast128-cbc -- enc algorithm to remove
(rec) -aes192-cbc -- enc algorithm to remove
(rec) -arcfour128 -- enc algorithm to remove
(rec) -aes128-cbc -- enc algorithm to remove
(rec) -hmac-md5-96 -- mac algorithm to remove
(rec) -hmac-ripemd160 -- mac algorithm to remove
(rec) -hmac-sha1-96 -- mac algorithm to remove
(rec) -umac-64@openssh.com -- mac algorithm to remove
(rec) -hmac-md5 -- mac algorithm to remove
(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
(rec) -hmac-sha1 -- mac algorithm to remove
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-12 08:55 EDT
NSE: [ssh-run] Failed to specify credentials and command to run.
Nmap scan report for ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
Host is up (0.29s latency).

PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
| ssh-auth-methods:
| Supported authentication methods:
| publickey
| gssapi-keyex
| gssapi-with-mic
|_ password
| ssh-hostkey:
| 1024 68:b1:66:a3:cd:70:82:a0:f2:0a:69:c3:44:a5:0b:51 (DSA)
|_ 2048 b1:6b:fc:86:7b:19:21:4b:95:c8:34:ad:ee:04:43:81 (RSA)
| ssh-publickey-acceptance:
|_ Accepted Public Keys: No public keys accepted
|_ssh-run: Failed to specify credentials and command to run.
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 2.6.32 (92%), Linux 2.6.32 - 3.1 (92%), Linux 3.10 (92%), Linux 3.2 (92%), Linux 3.4 - 3.10 (92%), Linux 3.5 (92%), Linux 3.8 (92%), Linux 2.6.32 - 3.10 (92%), Linux 2.6.32 - 3.13 (92%), Linux 2.6.32 - 3.9 (92%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 20 hops

TRACEROUTE (using port 22/tcp)
HOP RTT ADDRESS
1 348.75 ms 10.202.3.1
2 348.77 ms unn-84-17-52-126.cdn77.com (84.17.52.126)
3 348.78 ms hu0-1-0-2.rcr51.b021037-0.zrh02.atlas.cogentco.com (149.11.89.129)
4 348.79 ms be3591.ccr51.zrh02.atlas.cogentco.com (130.117.50.182)
5 348.81 ms be3072.ccr21.muc03.atlas.cogentco.com (130.117.0.18)
6 348.83 ms be2959.ccr41.fra03.atlas.cogentco.com (154.54.36.53)
7 348.83 ms be3187.agr41.fra03.atlas.cogentco.com (130.117.1.117)
8 348.84 ms telia.fra03.atlas.cogentco.com (130.117.14.198)
9 317.67 ms ffm-bb1-link.telia.net (62.115.114.88)
10 348.90 ms prs-bb3-link.telia.net (62.115.123.13)
11 244.43 ms ash-bb3-link.telia.net (62.115.122.159)
12 416.94 ms rest-b1-link.telia.net (62.115.117.116)
13 416.94 ms ae5.ibrsb0105-01.iad1.bb.godaddy.com (62.115.162.111)
14 416.95 ms ip-184-168-6-83.ip.secureserver.net (184.168.6.83)
15 ... 19
20 406.28 ms ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-12 09:06 EDT
Nmap scan report for ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
Host is up (0.24s latency).

PORT STATE SERVICE VERSION
25/tcp open smtp?
|_smtp-commands: Couldn't establish connection on port 25
| smtp-enum-users:
|_ Couldn't establish connection on port 25
|_smtp-open-relay: Couldn't establish connection on port 25
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 2.6.32 (91%), Linux 2.6.32 - 3.1 (91%), Linux 3.10 (91%), Linux 3.2 (91%), Linux 3.4 - 3.10 (91%), Linux 3.5 (91%), Linux 3.8 (91%), Ruckus ZoneFlex R710 WAP (Linux 3.4) (91%), Linux 2.6.32 - 3.10 (91%), Linux 2.6.32 - 3.13 (91%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 20 hops

TRACEROUTE (using port 25/tcp)
HOP RTT ADDRESS
1 184.63 ms 10.202.3.1
2 184.65 ms unn-84-17-52-126.cdn77.com (84.17.52.126)
3 184.66 ms hu0-1-0-2.rcr51.b021037-0.zrh02.atlas.cogentco.com (149.11.89.129)
4 184.67 ms be3591.ccr51.zrh02.atlas.cogentco.com (130.117.50.182)
5 184.68 ms be3072.ccr21.muc03.atlas.cogentco.com (130.117.0.18)
6 184.70 ms be2959.ccr41.fra03.atlas.cogentco.com (154.54.36.53)
7 184.71 ms be3187.agr41.fra03.atlas.cogentco.com (130.117.1.117)
8 184.70 ms telia.fra03.atlas.cogentco.com (130.117.14.198)
9 296.37 ms ffm-bb2-link.telia.net (62.115.114.90)
10 296.43 ms prs-bb4-link.telia.net (62.115.122.138)
11 216.59 ms ash-bb2-link.telia.net (62.115.112.242)
12 332.04 ms rest-b1-link.telia.net (62.115.121.216)
13 332.04 ms ae5.ibrsb0105-01.iad1.bb.godaddy.com (62.115.162.111)
14 332.04 ms ip-184-168-6-83.ip.secureserver.net (184.168.6.83)
15 ... 19
20 220.91 ms ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-12 09:10 EDT
Nmap scan report for ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
Host is up (0.22s latency).

PORT STATE SERVICE VERSION
67/tcp filtered dhcps
67/udp open|filtered dhcps
|_dhcp-discover: ERROR: Script execution failed (use -d to debug)
Too many fingerprints match this host to give specific OS details
Network Distance: 20 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 323.24 ms 10.202.3.1
2 323.28 ms unn-84-17-52-126.cdn77.com (84.17.52.126)
3 323.30 ms hu0-1-0-2.rcr51.b021037-0.zrh02.atlas.cogentco.com (149.11.89.129)
4 323.32 ms be3591.ccr51.zrh02.atlas.cogentco.com (130.117.50.182)
5 323.34 ms be3072.ccr21.muc03.atlas.cogentco.com (130.117.0.18)
6 323.38 ms be2959.ccr41.fra03.atlas.cogentco.com (154.54.36.53)
7 323.41 ms be3186.agr41.fra03.atlas.cogentco.com (130.117.0.2)
8 323.38 ms telia.fra03.atlas.cogentco.com (130.117.14.198)
9 323.45 ms ffm-bb1-link.telia.net (62.115.114.88)
10 209.21 ms prs-bb3-link.telia.net (62.115.123.13)
11 ...
12 222.08 ms rest-b1-link.telia.net (62.115.121.216)
13 335.71 ms ae5.ibrsb0105-01.iad1.bb.godaddy.com (62.115.162.111)
14 335.75 ms ip-184-168-6-83.ip.secureserver.net (184.168.6.83)
15 ... 19
20 335.69 ms ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
#######################################################################################################################################
3000Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-12 09:12 EDT
3001Nmap scan report for ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
3002Host is up (0.19s latency).
3003
3004PORT STATE SERVICE VERSION
300568/tcp filtered dhcpc
300668/udp open|filtered dhcpc
3007Too many fingerprints match this host to give specific OS details
3008Network Distance: 20 hops
3009
3010TRACEROUTE (using proto 1/icmp)
3011HOP RTT ADDRESS
30121 320.74 ms 10.202.3.1
30132 320.78 ms unn-84-17-52-126.cdn77.com (84.17.52.126)
30143 320.79 ms hu0-1-0-2.rcr51.b021037-0.zrh02.atlas.cogentco.com (149.11.89.129)
30154 320.81 ms be3591.ccr51.zrh02.atlas.cogentco.com (130.117.50.182)
30165 320.83 ms be3072.ccr21.muc03.atlas.cogentco.com (130.117.0.18)
30176 320.85 ms be2959.ccr41.fra03.atlas.cogentco.com (154.54.36.53)
30187 320.87 ms be3186.agr41.fra03.atlas.cogentco.com (130.117.0.2)
30198 320.87 ms telia.fra03.atlas.cogentco.com (130.117.14.198)
30209 432.67 ms ffm-bb1-link.telia.net (62.115.114.88)
302110 209.19 ms prs-bb3-link.telia.net (62.115.123.13)
302211 ...
302312 348.83 ms rest-b1-link.telia.net (62.115.121.216)
302413 348.76 ms ae5.ibrsb0105-01.iad1.bb.godaddy.com (62.115.162.111)
302514 348.79 ms ip-184-168-6-83.ip.secureserver.net (184.168.6.83)
302615 ... 19
302720 237.67 ms ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
3028######################################################################################################################################
3029Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-12 09:14 EDT
3030Nmap scan report for ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
3031Host is up (0.21s latency).
3032
3033PORT STATE SERVICE VERSION
303469/tcp filtered tftp
303569/udp open|filtered tftp
3036Too many fingerprints match this host to give specific OS details
3037Network Distance: 20 hops
3038
3039TRACEROUTE (using proto 1/icmp)
3040HOP RTT ADDRESS
30411 323.24 ms 10.202.3.1
30422 323.32 ms unn-84-17-52-126.cdn77.com (84.17.52.126)
30433 323.36 ms hu0-1-0-2.rcr51.b021037-0.zrh02.atlas.cogentco.com (149.11.89.129)
30444 323.39 ms be3591.ccr51.zrh02.atlas.cogentco.com (130.117.50.182)
30455 323.42 ms be3072.ccr21.muc03.atlas.cogentco.com (130.117.0.18)
30466 323.47 ms be2959.ccr41.fra03.atlas.cogentco.com (154.54.36.53)
30477 323.50 ms be3186.agr41.fra03.atlas.cogentco.com (130.117.0.2)
30488 323.47 ms telia.fra03.atlas.cogentco.com (130.117.14.198)
30499 323.54 ms ffm-bb1-link.telia.net (62.115.114.88)
305010 208.53 ms prs-bb3-link.telia.net (62.115.123.13)
305111 ...
305212 334.23 ms rest-b1-link.telia.net (62.115.121.216)
305313 222.12 ms ae5.ibrsb0105-01.iad1.bb.godaddy.com (62.115.162.111)
305414 334.16 ms ip-184-168-6-83.ip.secureserver.net (184.168.6.83)
305515 ... 19
305620 334.05 ms ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
3057#######################################################################################################################################
3058Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-12 09:19 EDT
3059NSE: [pop3-brute] usernames: Time limit 3m00s exceeded.
3060NSE: [pop3-brute] usernames: Time limit 3m00s exceeded.
3061NSE: [pop3-brute] passwords: Time limit 3m00s exceeded.
3062Nmap scan report for ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
3063Host is up (0.25s latency).
3064
3065PORT STATE SERVICE VERSION
3066110/tcp open pop3 Dovecot pop3d
3067| pop3-brute:
3068| Accounts: No valid accounts found
3069|_ Statistics: Performed 212 guesses in 193 seconds, average tps: 1.1
3070|_pop3-capabilities: CAPA PIPELINING AUTH-RESP-CODE USER TOP SASL(PLAIN LOGIN) UIDL RESP-CODES STLS
3071Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
3072Aggressive OS guesses: Linux 2.6.32 (91%), Linux 2.6.32 - 3.1 (91%), Linux 3.10 (91%), Linux 3.2 (91%), Linux 3.4 - 3.10 (91%), Linux 3.8 (91%), Ruckus ZoneFlex R710 WAP (Linux 3.4) (91%), Linux 2.6.32 - 3.10 (91%), Linux 2.6.32 - 3.13 (91%), Linux 2.6.32 - 3.9 (91%)
3073No exact OS matches for host (test conditions non-ideal).
3074Network Distance: 20 hops
3075
3076TRACEROUTE (using port 110/tcp)
3077HOP RTT ADDRESS
30781 336.97 ms 10.202.3.1
30792 337.03 ms unn-84-17-52-126.cdn77.com (84.17.52.126)
30803 337.06 ms hu0-1-0-2.rcr51.b021037-0.zrh02.atlas.cogentco.com (149.11.89.129)
30814 337.09 ms be3591.ccr51.zrh02.atlas.cogentco.com (130.117.50.182)
30825 337.11 ms be3072.ccr21.muc03.atlas.cogentco.com (130.117.0.18)
30836 337.19 ms be2959.ccr41.fra03.atlas.cogentco.com (154.54.36.53)
30847 337.18 ms be3187.agr41.fra03.atlas.cogentco.com (130.117.1.117)
30858 337.17 ms telia.fra03.atlas.cogentco.com (130.117.14.198)
30869 337.24 ms ffm-bb1-link.telia.net (62.115.114.88)
308710 208.04 ms prs-bb3-link.telia.net (62.115.123.13)
308811 ...
308912 206.24 ms rest-b1-link.telia.net (62.115.117.116)
309013 340.18 ms ae5.ibrsb0105-01.iad1.bb.godaddy.com (62.115.162.111)
309114 340.21 ms ip-184-168-6-83.ip.secureserver.net (184.168.6.83)
309215 ... 19
309320 340.15 ms ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
3094#######################################################################################################################################
3095Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-12 09:23 EDT
3096Nmap scan report for ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
3097Host is up (0.27s latency).
3098
3099PORT STATE SERVICE VERSION
3100123/tcp filtered ntp
3101123/udp open|filtered ntp
3102Too many fingerprints match this host to give specific OS details
3103Network Distance: 20 hops
3104
3105TRACEROUTE (using proto 1/icmp)
3106HOP RTT ADDRESS
31071 169.64 ms 10.202.3.1
31082 169.69 ms unn-84-17-52-126.cdn77.com (84.17.52.126)
31093 169.71 ms hu0-1-0-2.rcr51.b021037-0.zrh02.atlas.cogentco.com (149.11.89.129)
31104 169.73 ms be3591.ccr51.zrh02.atlas.cogentco.com (130.117.50.182)
31115 169.76 ms be3072.ccr21.muc03.atlas.cogentco.com (130.117.0.18)
31126 169.78 ms be2959.ccr41.fra03.atlas.cogentco.com (154.54.36.53)
31137 169.81 ms be3186.agr41.fra03.atlas.cogentco.com (130.117.0.2)
31148 133.10 ms telia.fra03.atlas.cogentco.com (130.117.14.198)
31159 281.77 ms ffm-bb1-link.telia.net (62.115.114.88)
311610 281.79 ms prs-bb3-link.telia.net (62.115.123.13)
311711 262.47 ms ash-bb2-link.telia.net (62.115.112.242)
311812 367.67 ms rest-b1-link.telia.net (62.115.121.216)
311913 367.70 ms ae5.ibrsb0105-01.iad1.bb.godaddy.com (62.115.162.111)
312014 367.68 ms ip-184-168-6-83.ip.secureserver.net (184.168.6.83)
312115 ... 19
312220 485.52 ms ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
3123#######################################################################################################################################
3124Version: 2.0.0-static
3125OpenSSL 1.1.1e-dev xx XXX xxxx
3126
3127Connected to 107.180.28.114
3128
3129Testing SSL server 107.180.28.114 on port 443 using SNI name 107.180.28.114
3130
3131 SSL/TLS Protocols:
3132SSLv2 disabled
3133SSLv3 disabled
3134TLSv1.0 disabled
3135TLSv1.1 enabled
3136TLSv1.2 enabled
3137TLSv1.3 disabled
3138
3139 TLS Fallback SCSV:
3140Server supports TLS Fallback SCSV
3141
3142 TLS renegotiation:
3143Session renegotiation not supported
3144
3145 TLS Compression:
3146Compression disabled
3147
3148 Heartbleed:
3149TLSv1.2 not vulnerable to heartbleed
3150TLSv1.1 not vulnerable to heartbleed
3151
3152 Supported Server Cipher(s):
3153Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
3154Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
3155Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
3156Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
3157Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
3158Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
3159Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
3160Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
3161Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
3162Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
3163Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
3164Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
3165Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
3166Accepted TLSv1.2 112 bits DHE-RSA-DES-CBC3-SHA DHE 2048 bits
3167Accepted TLSv1.2 256 bits AES256-GCM-SHA384
3168Accepted TLSv1.2 128 bits AES128-GCM-SHA256
3169Accepted TLSv1.2 256 bits AES256-SHA256
3170Accepted TLSv1.2 128 bits AES128-SHA256
3171Accepted TLSv1.2 256 bits AES256-SHA
3172Accepted TLSv1.2 128 bits AES128-SHA
3173Accepted TLSv1.2 112 bits DES-CBC3-SHA
3174Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
3175Accepted TLSv1.2 256 bits CAMELLIA256-SHA
3176Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
3177Accepted TLSv1.2 128 bits CAMELLIA128-SHA
3178Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
3179Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
3180Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
3181Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
3182Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
3183Accepted TLSv1.1 112 bits DHE-RSA-DES-CBC3-SHA DHE 2048 bits
3184Accepted TLSv1.1 256 bits AES256-SHA
3185Accepted TLSv1.1 128 bits AES128-SHA
3186Accepted TLSv1.1 112 bits DES-CBC3-SHA
3187Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
3188Accepted TLSv1.1 256 bits CAMELLIA256-SHA
3189Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
3190Accepted TLSv1.1 128 bits CAMELLIA128-SHA
3191
3192 Server Key Exchange Group(s):
3193TLSv1.2 141 bits sect283k1
3194TLSv1.2 141 bits sect283r1
3195TLSv1.2 204 bits sect409k1
3196TLSv1.2 204 bits sect409r1
3197TLSv1.2 285 bits sect571k1
3198TLSv1.2 285 bits sect571r1
3199TLSv1.2 128 bits secp256k1
3200TLSv1.2 128 bits secp256r1 (NIST P-256)
3201TLSv1.2 192 bits secp384r1 (NIST P-384)
3202TLSv1.2 260 bits secp521r1 (NIST P-521)
3203TLSv1.2 128 bits brainpoolP256r1
3204TLSv1.2 192 bits brainpoolP384r1
3205TLSv1.2 256 bits brainpoolP512r1
3206
3207 Server Signature Algorithm(s):
3208TLSv1.2 rsa_pkcs1_sha1
3209TLSv1.2 dsa_sha1
3210TLSv1.2 ecdsa_sha1
3211TLSv1.2 rsa_pkcs1_sha224
3212TLSv1.2 dsa_sha224
3213TLSv1.2 ecdsa_sha224
3214TLSv1.2 rsa_pkcs1_sha256
3215TLSv1.2 dsa_sha256
3216TLSv1.2 ecdsa_secp256r1_sha256
3217TLSv1.2 rsa_pkcs1_sha384
3218TLSv1.2 dsa_sha384
3219TLSv1.2 ecdsa_secp384r1_sha384
3220TLSv1.2 rsa_pkcs1_sha512
3221TLSv1.2 dsa_sha512
3222TLSv1.2 ecdsa_secp521r1_sha512
3223
3224 SSL Certificate:
3225Signature Algorithm: sha256WithRSAEncryption
3226RSA Key Strength: 2048
3227
3228Subject: *.prod.iad2.secureserver.net
3229Altnames: DNS:*.prod.iad2.secureserver.net, DNS:prod.iad2.secureserver.net
3230Issuer: Starfield Secure Certificate Authority - G2
3231
3232Not valid before: Jan 14 17:52:33 2020 GMT
3233Not valid after: Jan 14 17:52:33 2022 GMT
3234#######################################################################################################################################
3235Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-12 09:28 EDT
3236Nmap scan report for ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
3237Host is up (0.24s latency).
3238
3239PORT STATE SERVICE VERSION
32403306/tcp open mysql MySQL 5.6.46-cll-lve
3241| mysql-enum:
3242| Valid usernames:
3243| root:<empty> - Valid credentials
3244| sysadmin:<empty> - Valid credentials
3245| user:<empty> - Valid credentials
3246| netadmin:<empty> - Valid credentials
3247| web:<empty> - Valid credentials
3248| guest:<empty> - Valid credentials
3249| administrator:<empty> - Valid credentials
3250| webadmin:<empty> - Valid credentials
3251| admin:<empty> - Valid credentials
3252| test:<empty> - Valid credentials
3253|_ Statistics: Performed 10 guesses in 2 seconds, average tps: 5.0
3254| mysql-info:
3255| Protocol: 10
3256| Version: 5.6.46-cll-lve
3257| Thread ID: 2685311
3258| Capabilities flags: 63487
3259| Some Capabilities: InteractiveClient, Support41Auth, LongColumnFlag, LongPassword, Speaks41ProtocolOld, SupportsTransactions, DontAllowDatabaseTableColumn, IgnoreSigpipes, Speaks41ProtocolNew, IgnoreSpaceBeforeParenthesis, FoundRows, SupportsCompression, SupportsLoadDataLocal, ODBCClient, ConnectWithDatabase, SupportsMultipleStatments, SupportsMultipleResults, SupportsAuthPlugins
3260| Status: Autocommit
3261| Salt: ls|8>n2J]w_Uj6mCEp&j
3262|_ Auth Plugin Name: mysql_native_password
3263|_mysql-vuln-cve2012-2122: ERROR: Script execution failed (use -d to debug)
3264Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
3265Aggressive OS guesses: Linux 2.6.32 (91%), Linux 2.6.32 - 3.1 (91%), Linux 3.10 (91%), Linux 3.2 (91%), Linux 3.4 - 3.10 (91%), Linux 3.5 (91%), Linux 3.8 (91%), Ruckus ZoneFlex R710 WAP (Linux 3.4) (91%), Linux 2.6.32 - 3.10 (91%), Linux 2.6.32 - 3.13 (91%)
3266No exact OS matches for host (test conditions non-ideal).
3267Network Distance: 20 hops
3268
3269TRACEROUTE (using port 3306/tcp)
3270HOP RTT ADDRESS
32711 333.01 ms 10.202.3.1
32722 333.07 ms unn-84-17-52-126.cdn77.com (84.17.52.126)
32733 333.10 ms hu0-1-0-2.rcr51.b021037-0.zrh02.atlas.cogentco.com (149.11.89.129)
32744 333.12 ms be3592.ccr52.zrh02.atlas.cogentco.com (154.54.37.150)
32755 333.15 ms be3073.ccr22.muc03.atlas.cogentco.com (130.117.0.62)
32766 333.20 ms be2960.ccr42.fra03.atlas.cogentco.com (154.54.36.253)
32777 333.23 ms be3186.agr41.fra03.atlas.cogentco.com (130.117.0.2)
32788 333.20 ms telia.fra03.atlas.cogentco.com (130.117.14.198)
32799 333.27 ms ffm-bb1-link.telia.net (62.115.114.88)
328010 208.44 ms prs-bb3-link.telia.net (62.115.123.13)
328111 306.44 ms ash-bb3-link.telia.net (62.115.122.159)
328212 234.82 ms rest-b1-link.telia.net (62.115.117.116)
328313 234.81 ms ae5.ibrsb0105-01.iad1.bb.godaddy.com (62.115.162.111)
328414 234.81 ms ip-184-168-6-83.ip.secureserver.net (184.168.6.83)
328515 ... 19
328620 234.74 ms ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
3287#########################################################################################################################################
3288Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-12 09:54 EDT
3289Nmap scan report for ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
3290Host is up.
3291
3292PORT STATE SERVICE VERSION
329353/tcp filtered domain
329467/tcp filtered dhcps
329568/tcp filtered dhcpc
329669/tcp filtered tftp
329788/tcp filtered kerberos-sec
3298123/tcp filtered ntp
3299137/tcp filtered netbios-ns
3300138/tcp filtered netbios-dgm
3301139/tcp filtered netbios-ssn
3302161/tcp filtered snmp
3303162/tcp filtered snmptrap
3304389/tcp filtered ldap
3305520/tcp filtered efs
33062049/tcp filtered nfs
330753/udp open|filtered domain
330867/udp open|filtered dhcps
330968/udp open|filtered dhcpc
331069/udp open|filtered tftp
331188/udp open|filtered kerberos-sec
3312123/udp open|filtered ntp
3313137/udp open|filtered netbios-ns
3314138/udp open|filtered netbios-dgm
3315139/udp open|filtered netbios-ssn
3316161/udp open|filtered snmp
3317162/udp open|filtered snmptrap
3318389/udp open|filtered ldap
3319520/udp open|filtered route
33202049/udp open|filtered nfs
3321Too many fingerprints match this host to give specific OS details
3322
3323TRACEROUTE (using proto 1/icmp)
3324HOP RTT ADDRESS
33251 234.50 ms 10.202.3.1
33262 361.14 ms unn-84-17-52-126.cdn77.com (84.17.52.126)
33273 361.18 ms hu0-1-0-2.rcr51.b021037-0.zrh02.atlas.cogentco.com (149.11.89.129)
33284 361.20 ms be3591.ccr51.zrh02.atlas.cogentco.com (130.117.50.182)
33295 361.23 ms be3072.ccr21.muc03.atlas.cogentco.com (130.117.0.18)
33306 361.28 ms be2959.ccr41.fra03.atlas.cogentco.com (154.54.36.53)
33317 361.27 ms be3186.agr41.fra03.atlas.cogentco.com (130.117.0.2)
33328 361.27 ms telia.fra03.atlas.cogentco.com (130.117.14.198)
33339 361.34 ms ffm-bb1-link.telia.net (62.115.114.88)
333410 361.38 ms prs-bb3-link.telia.net (62.115.123.13)
333511 ...
333612 215.36 ms rest-b1-link.telia.net (62.115.121.216)
333713 379.01 ms ae5.ibrsb0105-01.iad1.bb.godaddy.com (62.115.162.111)
333814 496.59 ms ip-184-168-6-83.ip.secureserver.net (184.168.6.83)
333915 ... 30
3340#######################################################################################################################################
3341Hosts
3342=====
3343
3344address mac name os_name os_flavor os_sp purpose info comments
3345------- --- ---- ------- --------- ----- ------- ---- --------
3409#######################################################################################################################################
3410Services
3411========
3412
3413host port proto name state info
3414---- ---- ----- ---- ----- ----
368045.60.47.218 8088 tcp http open Incapsula CDN httpd
368145.60.47.218 8090 tcp http open Incapsula CDN httpd
368245.60.47.218 8091 tcp http open Incapsula CDN httpd
368345.60.47.218 8095 tcp http open Incapsula CDN httpd
368445.60.47.218 8101 tcp http open Incapsula CDN httpd
368545.60.47.218 8161 tcp http open Incapsula CDN httpd
368645.60.47.218 8180 tcp http open Incapsula CDN httpd
368745.60.47.218 8222 tcp http open Incapsula CDN httpd
368845.60.47.218 8333 tcp http open Incapsula CDN httpd
368945.60.47.218 8443 tcp ssl/http open Incapsula CDN httpd
369045.60.47.218 8444 tcp http open Incapsula CDN httpd
369145.60.47.218 8445 tcp http open Incapsula CDN httpd
369245.60.47.218 8503 tcp ssl/http open Incapsula CDN httpd
369345.60.47.218 8686 tcp http open Incapsula CDN httpd
369445.60.47.218 8701 tcp ssl/http open Incapsula CDN httpd
369545.60.47.218 8787 tcp http open Incapsula CDN httpd
369645.60.47.218 8800 tcp http open Incapsula CDN httpd
369745.60.47.218 8812 tcp http open Incapsula CDN httpd
369845.60.47.218 8834 tcp http open Incapsula CDN httpd
369945.60.47.218 8880 tcp http open Incapsula CDN httpd
370045.60.47.218 8888 tcp http open Incapsula CDN httpd
370145.60.47.218 8889 tcp http open Incapsula CDN httpd
370245.60.47.218 8890 tcp http open Incapsula CDN httpd
370345.60.47.218 8899 tcp http open Incapsula CDN httpd
370445.60.47.218 8901 tcp http open Incapsula CDN httpd
370545.60.47.218 8902 tcp http open Incapsula CDN httpd
370645.60.47.218 8999 tcp http open Incapsula CDN httpd
370745.60.47.218 9000 tcp http open Incapsula CDN httpd
370845.60.47.218 9001 tcp http open Incapsula CDN httpd
370945.60.47.218 9002 tcp http open Incapsula CDN httpd
371045.60.47.218 9003 tcp http open Incapsula CDN httpd
371145.60.47.218 9004 tcp http open Incapsula CDN httpd
371245.60.47.218 9005 tcp http open Incapsula CDN httpd
371345.60.47.218 9010 tcp http open Incapsula CDN httpd
371445.60.47.218 9050 tcp http open Incapsula CDN httpd
371545.60.47.218 9080 tcp http open Incapsula CDN httpd
371645.60.47.218 9081 tcp ssl/http open Incapsula CDN httpd
371745.60.47.218 9084 tcp http open Incapsula CDN httpd
371845.60.47.218 9090 tcp http open Incapsula CDN httpd
371945.60.47.218 9099 tcp http open Incapsula CDN httpd
372045.60.47.218 9100 tcp jetdirect open
372145.60.47.218 9111 tcp http open Incapsula CDN httpd
372245.60.47.218 9200 tcp http open Incapsula CDN httpd
372345.60.47.218 9300 tcp http open Incapsula CDN httpd
372445.60.47.218 9500 tcp http open Incapsula CDN httpd
372545.60.47.218 9711 tcp ssl/http open Incapsula CDN httpd
372645.60.47.218 9991 tcp http open Incapsula CDN httpd
372745.60.47.218 9999 tcp http open Incapsula CDN httpd
372845.60.47.218 10000 tcp http open Incapsula CDN httpd
372945.60.47.218 10001 tcp http open Incapsula CDN httpd
373045.60.47.218 10008 tcp http open Incapsula CDN httpd
373145.60.47.218 10443 tcp ssl/http open Incapsula CDN httpd
373245.60.47.218 11001 tcp ssl/http open Incapsula CDN httpd
373345.60.47.218 12174 tcp http open Incapsula CDN httpd
373445.60.47.218 12203 tcp http open Incapsula CDN httpd
373545.60.47.218 12221 tcp http open Incapsula CDN httpd
373645.60.47.218 12345 tcp http open Incapsula CDN httpd
373745.60.47.218 12397 tcp http open Incapsula CDN httpd
373845.60.47.218 12401 tcp http open Incapsula CDN httpd
373945.60.47.218 14330 tcp http open Incapsula CDN httpd
374045.60.47.218 16000 tcp http open Incapsula CDN httpd
374145.60.47.218 20000 tcp http open Incapsula CDN httpd
374245.60.47.218 20010 tcp ssl/http open Incapsula CDN httpd
374345.60.47.218 25000 tcp ssl/http open Incapsula CDN httpd
374445.60.47.218 30000 tcp http open Incapsula CDN httpd
374545.60.47.218 44334 tcp ssl/http open Incapsula CDN httpd
374645.60.47.218 50000 tcp http open Incapsula CDN httpd
374745.60.47.218 50001 tcp ssl/http open Incapsula CDN httpd
374845.60.47.218 50050 tcp ssl/http open Incapsula CDN httpd
374945.88.202.111 22 tcp ssh open OpenSSH 7.9p1 Debian 10+deb10u1 protocol 2.0
375045.88.202.111 53 tcp domain open PowerDNS Authoritative Server 4.2.0-rc3
375145.88.202.111 53 udp domain open PowerDNS Authoritative Server 4.2.0-rc3
375245.88.202.111 67 tcp dhcps closed
375345.88.202.111 67 udp dhcps unknown
375445.88.202.111 68 tcp dhcpc closed
375545.88.202.111 68 udp dhcpc unknown
375645.88.202.111 69 tcp tftp closed
375745.88.202.111 69 udp tftp closed
375845.88.202.111 80 tcp http open nginx
375945.88.202.111 88 tcp kerberos-sec closed
376045.88.202.111 88 udp kerberos-sec unknown
376145.88.202.111 123 tcp ntp closed
376245.88.202.111 123 udp ntp closed
376345.88.202.111 137 tcp netbios-ns closed
376445.88.202.111 137 udp netbios-ns filtered
376545.88.202.111 138 tcp netbios-dgm closed
376645.88.202.111 138 udp netbios-dgm filtered
376745.88.202.111 139 tcp netbios-ssn closed
376845.88.202.111 139 udp netbios-ssn closed
376945.88.202.111 161 tcp snmp closed
377045.88.202.111 161 udp snmp closed
377145.88.202.111 162 tcp snmptrap closed
377245.88.202.111 162 udp snmptrap closed
377345.88.202.111 179 tcp bgp filtered
377445.88.202.111 389 tcp ldap closed
377545.88.202.111 389 udp ldap unknown
377645.88.202.111 443 tcp ssl/http open nginx
377745.88.202.111 520 tcp efs closed
377845.88.202.111 520 udp route unknown
377945.88.202.111 2049 tcp nfs closed
378045.88.202.111 2049 udp nfs closed
378145.88.202.111 10050 tcp tcpwrapped open
378245.239.108.252 53 tcp domain open ISC BIND 9.11.4-P2 RedHat Enterprise Linux 7
378345.239.108.252 53 udp domain open ISC BIND 9.11.4-P2 RedHat Enterprise Linux 7
378445.239.108.252 67 tcp dhcps filtered
378545.239.108.252 67 udp dhcps unknown
378645.239.108.252 68 tcp dhcpc filtered
378745.239.108.252 68 udp dhcpc unknown
378845.239.108.252 69 tcp tftp filtered
378945.239.108.252 69 udp tftp unknown
379045.239.108.252 88 tcp kerberos-sec filtered
379145.239.108.252 88 udp kerberos-sec unknown
379245.239.108.252 123 tcp ntp filtered
379345.239.108.252 123 udp ntp unknown
379445.239.108.252 137 tcp netbios-ns filtered
379545.239.108.252 137 udp netbios-ns unknown
379645.239.108.252 138 tcp netbios-dgm filtered
379745.239.108.252 138 udp netbios-dgm unknown
379845.239.108.252 139 tcp netbios-ssn filtered
379945.239.108.252 139 udp netbios-ssn unknown
380045.239.108.252 161 tcp snmp filtered
380145.239.108.252 161 udp snmp unknown
380245.239.108.252 162 tcp snmptrap filtered
380345.239.108.252 162 udp snmptrap unknown
380445.239.108.252 389 tcp ldap filtered
380545.239.108.252 389 udp ldap unknown
380645.239.108.252 520 tcp efs filtered
380745.239.108.252 520 udp route unknown
380845.239.108.252 2049 tcp nfs filtered
380945.239.108.252 2049 udp nfs unknown
381052.1.2.24 53 tcp domain filtered
381152.1.2.24 53 udp domain unknown
381252.1.2.24 67 tcp dhcps filtered
381352.1.2.24 67 udp dhcps unknown
381452.1.2.24 68 tcp dhcpc filtered
381552.1.2.24 68 udp dhcpc unknown
381652.1.2.24 69 tcp tftp filtered
381752.1.2.24 69 udp tftp unknown
381852.1.2.24 80 tcp http open Apache httpd 2.4.29 (Ubuntu)
381952.1.2.24 88 tcp kerberos-sec filtered
382052.1.2.24 88 udp kerberos-sec unknown
382152.1.2.24 123 tcp ntp filtered
382252.1.2.24 123 udp ntp unknown
382352.1.2.24 137 tcp netbios-ns filtered
382452.1.2.24 137 udp netbios-ns unknown
382552.1.2.24 138 tcp netbios-dgm filtered
382652.1.2.24 138 udp netbios-dgm unknown
382752.1.2.24 139 tcp netbios-ssn filtered
382852.1.2.24 139 udp netbios-ssn unknown
382952.1.2.24 161 tcp snmp filtered
383052.1.2.24 161 udp snmp unknown
383152.1.2.24 162 tcp snmptrap filtered
383252.1.2.24 162 udp snmptrap unknown
383352.1.2.24 389 tcp ldap filtered
383452.1.2.24 389 udp ldap unknown
383552.1.2.24 443 tcp ssl/http open Apache httpd 2.4.29 (Ubuntu)
383652.1.2.24 520 tcp efs filtered
383752.1.2.24 520 udp route unknown
383852.1.2.24 2049 tcp nfs filtered
383952.1.2.24 2049 udp nfs unknown
384052.1.174.10 53 tcp domain filtered
384152.1.174.10 53 udp domain unknown
384252.1.174.10 67 tcp dhcps filtered
384352.1.174.10 67 udp dhcps unknown
384452.1.174.10 68 tcp dhcpc filtered
384552.1.174.10 68 udp dhcpc unknown
384652.1.174.10 69 tcp tftp filtered
384752.1.174.10 69 udp tftp unknown
384852.1.174.10 80 tcp http open nginx
384952.1.174.10 88 tcp kerberos-sec filtered
385052.1.174.10 88 udp kerberos-sec unknown
385152.1.174.10 123 tcp ntp filtered
385252.1.174.10 123 udp ntp unknown
385352.1.174.10 137 tcp netbios-ns filtered
385452.1.174.10 137 udp netbios-ns unknown
385552.1.174.10 138 tcp netbios-dgm filtered
385652.1.174.10 138 udp netbios-dgm unknown
385752.1.174.10 139 tcp netbios-ssn filtered
385852.1.174.10 139 udp netbios-ssn unknown
385952.1.174.10 161 tcp snmp filtered
386052.1.174.10 161 udp snmp unknown
386152.1.174.10 162 tcp snmptrap filtered
386252.1.174.10 162 udp snmptrap unknown
386352.1.174.10 389 tcp ldap filtered
386452.1.174.10 389 udp ldap unknown
386552.1.174.10 443 tcp ssl/http open nginx
386652.1.174.10 520 tcp efs filtered
386752.1.174.10 520 udp route unknown
386852.1.174.10 2049 tcp nfs filtered
386952.1.174.10 2049 udp nfs unknown
387052.52.234.222 53 tcp domain filtered
387152.52.234.222 53 udp domain unknown
387252.52.234.222 67 tcp dhcps filtered
387352.52.234.222 67 udp dhcps unknown
387452.52.234.222 68 tcp dhcpc filtered
387552.52.234.222 68 udp dhcpc unknown
387652.52.234.222 69 tcp tftp filtered
387752.52.234.222 69 udp tftp unknown
387852.52.234.222 88 tcp kerberos-sec filtered
387952.52.234.222 88 udp kerberos-sec unknown
388052.52.234.222 123 tcp ntp filtered
388152.52.234.222 123 udp ntp unknown
388252.52.234.222 137 tcp netbios-ns filtered
388352.52.234.222 137 udp netbios-ns unknown
388452.52.234.222 138 tcp netbios-dgm filtered
388552.52.234.222 138 udp netbios-dgm unknown
388652.52.234.222 139 tcp netbios-ssn filtered
388752.52.234.222 139 udp netbios-ssn unknown
388852.52.234.222 161 tcp snmp filtered
388952.52.234.222 161 udp snmp unknown
389052.52.234.222 162 tcp snmptrap filtered
389152.52.234.222 162 udp snmptrap unknown
389252.52.234.222 389 tcp ldap filtered
389352.52.234.222 389 udp ldap unknown
389452.52.234.222 520 tcp efs filtered
389552.52.234.222 520 udp route unknown
389652.52.234.222 2049 tcp nfs filtered
389752.52.234.222 2049 udp nfs unknown
389854.85.59.109 53 tcp domain filtered
389954.85.59.109 53 udp domain unknown
390054.85.59.109 67 tcp dhcps filtered
390154.85.59.109 67 udp dhcps unknown
390254.85.59.109 68 tcp dhcpc filtered
390354.85.59.109 68 udp dhcpc unknown
390454.85.59.109 69 tcp tftp filtered
390554.85.59.109 69 udp tftp unknown
390654.85.59.109 80 tcp http open nginx
390754.85.59.109 88 tcp kerberos-sec filtered
390854.85.59.109 88 udp kerberos-sec unknown
390954.85.59.109 123 tcp ntp filtered
391054.85.59.109 123 udp ntp unknown
391154.85.59.109 137 tcp netbios-ns filtered
391254.85.59.109 137 udp netbios-ns unknown
391354.85.59.109 138 tcp netbios-dgm filtered
391454.85.59.109 138 udp netbios-dgm unknown
391554.85.59.109 139 tcp netbios-ssn filtered
391654.85.59.109 139 udp netbios-ssn unknown
391754.85.59.109 161 tcp snmp filtered
391854.85.59.109 161 udp snmp unknown
391954.85.59.109 162 tcp snmptrap filtered
392054.85.59.109 162 udp snmptrap unknown
392154.85.59.109 389 tcp ldap filtered
392254.85.59.109 389 udp ldap unknown
392354.85.59.109 443 tcp ssl/http open nginx
392454.85.59.109 520 tcp efs filtered
392554.85.59.109 520 udp route unknown
392654.85.59.109 2049 tcp nfs filtered
392754.85.59.109 2049 udp nfs unknown
392864.69.94.253 53 tcp domain filtered
392964.69.94.253 53 udp domain unknown
393064.69.94.253 67 tcp dhcps filtered
393164.69.94.253 67 udp dhcps unknown
393264.69.94.253 68 tcp dhcpc filtered
393364.69.94.253 68 udp dhcpc unknown
393464.69.94.253 69 tcp tftp filtered
393564.69.94.253 69 udp tftp unknown
393664.69.94.253 88 tcp kerberos-sec filtered
393764.69.94.253 88 udp kerberos-sec unknown
393864.69.94.253 123 tcp ntp filtered
393964.69.94.253 123 udp ntp unknown
394064.69.94.253 137 tcp netbios-ns filtered
394164.69.94.253 137 udp netbios-ns unknown
394264.69.94.253 138 tcp netbios-dgm filtered
394364.69.94.253 138 udp netbios-dgm unknown
394464.69.94.253 139 tcp netbios-ssn filtered
394564.69.94.253 139 udp netbios-ssn unknown
394664.69.94.253 161 tcp snmp filtered
394764.69.94.253 161 udp snmp unknown
394864.69.94.253 162 tcp snmptrap filtered
394964.69.94.253 162 udp snmptrap unknown
395064.69.94.253 389 tcp ldap filtered
395164.69.94.253 389 udp ldap unknown
395264.69.94.253 520 tcp efs filtered
395364.69.94.253 520 udp route unknown
395464.69.94.253 2049 tcp nfs filtered
395564.69.94.253 2049 udp nfs unknown
395669.163.233.4 21 tcp ftp open 220 DreamHost FTP Server\x0d\x0a
395769.163.233.4 22 tcp ssh open SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13
395869.163.233.4 25 tcp open
395969.163.233.4 53 tcp domain closed
396069.163.233.4 53 udp domain unknown
396169.163.233.4 67 tcp dhcps closed
396269.163.233.4 67 udp dhcps closed
396369.163.233.4 68 tcp dhcpc closed
396469.163.233.4 68 udp dhcpc unknown
396569.163.233.4 69 tcp tftp closed
396669.163.233.4 69 udp tftp closed
396769.163.233.4 88 tcp kerberos-sec closed
396869.163.233.4 88 udp kerberos-sec unknown
396969.163.233.4 123 tcp ntp closed
397069.163.233.4 123 udp ntp unknown
397169.163.233.4 137 tcp netbios-ns closed
397269.163.233.4 137 udp netbios-ns closed
397369.163.233.4 138 tcp netbios-dgm closed
397469.163.233.4 138 udp netbios-dgm closed
397569.163.233.4 139 tcp netbios-ssn closed
397669.163.233.4 139 udp netbios-ssn unknown
397769.163.233.4 161 tcp snmp closed
397869.163.233.4 161 udp snmp closed
397969.163.233.4 162 tcp snmptrap closed
398069.163.233.4 162 udp snmptrap closed
398169.163.233.4 389 tcp ldap closed
398269.163.233.4 389 udp ldap unknown
398369.163.233.4 520 tcp efs closed
398469.163.233.4 520 udp route closed
398569.163.233.4 2049 tcp nfs closed
398669.163.233.4 2049 udp nfs unknown
398774.117.180.192 21 tcp ftp filtered 220 Hello.\x0d\x0a
398874.117.180.192 22 tcp ssh filtered
398974.117.180.192 25 tcp smtp filtered
399074.117.180.192 53 tcp domain closed
399174.117.180.192 53 udp domain unknown
399274.117.180.192 67 tcp dhcps closed
399374.117.180.192 67 udp dhcps unknown
399474.117.180.192 68 tcp dhcpc closed
399574.117.180.192 68 udp dhcpc closed
399674.117.180.192 69 tcp tftp closed
399774.117.180.192 69 udp tftp closed
399874.117.180.192 80 tcp http filtered
399974.117.180.192 88 tcp kerberos-sec closed
400074.117.180.192 88 udp kerberos-sec closed
400174.117.180.192 110 tcp pop3 filtered
400274.117.180.192 111 tcp rpcbind filtered
400374.117.180.192 123 tcp ntp closed
400474.117.180.192 123 udp ntp unknown
400574.117.180.192 137 tcp netbios-ns closed
400674.117.180.192 137 udp netbios-ns closed
400774.117.180.192 138 tcp netbios-dgm closed
400874.117.180.192 138 udp netbios-dgm unknown
400974.117.180.192 139 tcp netbios-ssn closed
401074.117.180.192 139 udp netbios-ssn unknown
401174.117.180.192 143 tcp imap filtered
401274.117.180.192 161 tcp snmp closed
401374.117.180.192 161 udp snmp closed
401474.117.180.192 162 tcp snmptrap closed
401574.117.180.192 162 udp snmptrap unknown
401674.117.180.192 323 tcp rpki-rtr filtered
401774.117.180.192 389 tcp ldap closed
401874.117.180.192 389 udp ldap closed
401974.117.180.192 443 tcp https filtered
402074.117.180.192 465 tcp ssl/smtp open Exim smtpd 4.92.3
402174.117.180.192 520 tcp efs closed
402274.117.180.192 520 udp route unknown
402374.117.180.192 587 tcp submission filtered
402474.117.180.192 873 tcp rsync filtered
402574.117.180.192 993 tcp imaps filtered
402674.117.180.192 995 tcp pop3s filtered
402774.117.180.192 2049 tcp nfs closed
402874.117.180.192 2049 udp nfs closed
402974.117.180.192 2525 tcp smtp open Exim smtpd
403074.117.180.192 3306 tcp mysql filtered
403174.117.180.192 4949 tcp tcpwrapped open
403274.117.180.192 5666 tcp tcpwrapped open
403374.117.180.192 6380 tcp filtered
403474.117.180.192 9306 tcp sphinx-search open Sphinx Search daemon 2.1.5-id64-release
403574.117.180.192 11211 tcp memcache filtered
403682.94.222.131 53 udp domain unknown
403782.94.222.131 67 udp dhcps unknown
403882.94.222.131 68 udp dhcpc unknown
403982.94.222.131 69 udp tftp unknown
404082.94.222.131 88 udp kerberos-sec unknown
404182.94.222.131 123 udp ntp unknown
404282.94.222.131 137 udp netbios-ns unknown
404382.94.222.131 138 udp netbios-dgm unknown
404482.94.222.131 139 udp netbios-ssn unknown
404582.94.222.131 161 udp snmp unknown
404682.94.222.131 162 udp snmptrap unknown
404782.94.222.131 389 udp ldap unknown
404882.94.222.131 520 udp route unknown
404982.94.222.131 2049 udp nfs unknown
405092.123.250.35 53 tcp domain closed
405192.123.250.35 53 udp domain closed
405292.123.250.35 67 tcp dhcps filtered
405392.123.250.35 67 udp dhcps unknown
405492.123.250.35 68 tcp dhcpc filtered
405592.123.250.35 68 udp dhcpc unknown
405692.123.250.35 69 tcp tftp filtered
405792.123.250.35 69 udp tftp unknown
405892.123.250.35 80 tcp http open AkamaiGHost Akamai's HTTP Acceleration/Mirror service
405992.123.250.35 88 tcp kerberos-sec filtered
406092.123.250.35 88 udp kerberos-sec unknown
406192.123.250.35 123 tcp ntp filtered
406292.123.250.35 123 udp ntp unknown
406392.123.250.35 137 tcp netbios-ns filtered
406492.123.250.35 137 udp netbios-ns unknown
406592.123.250.35 138 tcp netbios-dgm filtered
406692.123.250.35 138 udp netbios-dgm unknown
406792.123.250.35 139 tcp netbios-ssn filtered
406892.123.250.35 139 udp netbios-ssn unknown
406992.123.250.35 161 tcp snmp filtered
407092.123.250.35 161 udp snmp unknown
407192.123.250.35 162 tcp snmptrap filtered
407292.123.250.35 162 udp snmptrap unknown
407392.123.250.35 389 tcp ldap filtered
407492.123.250.35 389 udp ldap unknown
407592.123.250.35 443 tcp ssl/https open
407692.123.250.35 520 tcp efs filtered
407792.123.250.35 520 udp route unknown
407892.123.250.35 2049 tcp nfs filtered
407992.123.250.35 2049 udp nfs unknown
408092.123.250.35 8883 tcp secure-mqtt open
408192.123.250.65 53 tcp domain filtered
408292.123.250.65 53 udp domain unknown
408392.123.250.65 67 tcp dhcps filtered
408492.123.250.65 67 udp dhcps unknown
408592.123.250.65 68 tcp dhcpc filtered
408692.123.250.65 68 udp dhcpc unknown
408792.123.250.65 69 tcp tftp filtered
408892.123.250.65 69 udp tftp unknown
408992.123.250.65 80 tcp http open AkamaiGHost Akamai's HTTP Acceleration/Mirror service
409092.123.250.65 88 tcp kerberos-sec filtered
409192.123.250.65 88 udp kerberos-sec unknown
409292.123.250.65 123 tcp ntp filtered
409392.123.250.65 123 udp ntp unknown
409492.123.250.65 137 tcp netbios-ns filtered
409592.123.250.65 137 udp netbios-ns unknown
409692.123.250.65 138 tcp netbios-dgm filtered
409792.123.250.65 138 udp netbios-dgm unknown
409892.123.250.65 139 tcp netbios-ssn filtered
409992.123.250.65 139 udp netbios-ssn unknown
410092.123.250.65 161 tcp snmp filtered
410192.123.250.65 161 udp snmp unknown
410292.123.250.65 162 tcp snmptrap filtered
410392.123.250.65 162 udp snmptrap unknown
410492.123.250.65 389 tcp ldap filtered
410592.123.250.65 389 udp ldap unknown
410692.123.250.65 443 tcp ssl/https open
410792.123.250.65 520 tcp efs filtered
410892.123.250.65 520 udp route unknown
410992.123.250.65 2049 tcp nfs filtered
411092.123.250.65 2049 udp nfs unknown
411192.123.250.65 8883 tcp secure-mqtt open
4112104.244.73.40 53 udp domain unknown
4113104.244.73.40 67 udp dhcps unknown
4114104.244.73.40 68 udp dhcpc unknown
4115104.244.73.40 69 udp tftp unknown
4116104.244.73.40 88 udp kerberos-sec unknown
4117104.244.73.40 123 udp ntp unknown
4118104.244.73.40 137 udp netbios-ns unknown
4119104.244.73.40 138 udp netbios-dgm unknown
4120104.244.73.40 139 udp netbios-ssn unknown
4121104.244.73.40 161 udp snmp unknown
4122104.244.73.40 162 udp snmptrap unknown
4123104.244.73.40 389 udp ldap unknown
4124104.244.73.40 520 udp route unknown
4125104.244.73.40 2049 udp nfs unknown
4126104.244.76.231 53 tcp domain filtered
4127104.244.76.231 53 udp domain unknown
4128104.244.76.231 67 tcp dhcps filtered
4129104.244.76.231 67 udp dhcps unknown
4130104.244.76.231 68 tcp dhcpc filtered
4131104.244.76.231 68 udp dhcpc unknown
4132104.244.76.231 69 tcp tftp filtered
4133104.244.76.231 69 udp tftp unknown
4134104.244.76.231 80 tcp http open nginx
4135104.244.76.231 88 tcp kerberos-sec filtered
4136104.244.76.231 88 udp kerberos-sec unknown
4137104.244.76.231 123 tcp ntp filtered
4138104.244.76.231 123 udp ntp unknown
4139104.244.76.231 137 tcp netbios-ns filtered
4140104.244.76.231 137 udp netbios-ns unknown
4141104.244.76.231 138 tcp netbios-dgm filtered
4142104.244.76.231 138 udp netbios-dgm unknown
4143104.244.76.231 139 tcp netbios-ssn filtered
4144104.244.76.231 139 udp netbios-ssn unknown
4145104.244.76.231 161 tcp snmp filtered
4146104.244.76.231 161 udp snmp unknown
4147104.244.76.231 162 tcp snmptrap filtered
4148104.244.76.231 162 udp snmptrap unknown
4149104.244.76.231 389 tcp ldap filtered
4150104.244.76.231 389 udp ldap unknown
4151104.244.76.231 443 tcp ssl/http open nginx
4152104.244.76.231 520 tcp efs filtered
4153104.244.76.231 520 udp route unknown
4154104.244.76.231 2049 tcp nfs filtered
4155104.244.76.231 2049 udp nfs unknown
4156104.244.76.231 5040 tcp unknown closed
4157104.244.76.231 16001 tcp ssl/http open MiniServ 1.910 Webmin httpd
4158104.244.76.231 16221 tcp closed
4159104.244.76.231 23022 tcp closed
4160104.244.76.231 32022 tcp ssh open OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 Ubuntu Linux; protocol 2.0
4161104.244.77.188 53 tcp domain filtered
4162104.244.77.188 53 udp domain unknown
4163104.244.77.188 67 tcp dhcps filtered
4164104.244.77.188 67 udp dhcps unknown
4165104.244.77.188 68 tcp dhcpc filtered
4166104.244.77.188 68 udp dhcpc unknown
4167104.244.77.188 69 tcp tftp filtered
4168104.244.77.188 69 udp tftp unknown
4169104.244.77.188 80 tcp http open nginx
4170104.244.77.188 88 tcp kerberos-sec filtered
4171104.244.77.188 88 udp kerberos-sec unknown
4172104.244.77.188 123 tcp ntp filtered
4173104.244.77.188 123 udp ntp unknown
4174104.244.77.188 137 tcp netbios-ns filtered
4175104.244.77.188 137 udp netbios-ns unknown
4176104.244.77.188 138 tcp netbios-dgm filtered
4177104.244.77.188 138 udp netbios-dgm unknown
4178104.244.77.188 139 tcp netbios-ssn filtered
4179104.244.77.188 139 udp netbios-ssn unknown
4180104.244.77.188 161 tcp snmp filtered
4181104.244.77.188 161 udp snmp unknown
4182104.244.77.188 162 tcp snmptrap filtered
4183104.244.77.188 162 udp snmptrap unknown
4184104.244.77.188 389 tcp ldap filtered
4185104.244.77.188 389 udp ldap unknown
4186104.244.77.188 443 tcp ssl/http open nginx
4187104.244.77.188 520 tcp efs filtered
4188104.244.77.188 520 udp route unknown
4189104.244.77.188 2049 tcp nfs filtered
4190104.244.77.188 2049 udp nfs unknown
4191104.244.77.188 5040 tcp unknown closed
4192104.244.77.188 16001 tcp ssl/http open MiniServ 1.910 Webmin httpd
4193104.244.77.188 16221 tcp closed
4194104.244.77.188 23022 tcp closed
4195104.244.77.188 32022 tcp ssh open OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 Ubuntu Linux; protocol 2.0
4196104.244.79.89 53 tcp domain filtered
4197104.244.79.89 53 udp domain unknown
4198104.244.79.89 67 tcp dhcps filtered
4199104.244.79.89 67 udp dhcps unknown
4200104.244.79.89 68 tcp dhcpc filtered
4201104.244.79.89 68 udp dhcpc unknown
4202104.244.79.89 69 tcp tftp filtered
4203104.244.79.89 69 udp tftp unknown
4204104.244.79.89 80 tcp http open nginx
4205104.244.79.89 88 tcp kerberos-sec filtered
4206104.244.79.89 88 udp kerberos-sec unknown
4207104.244.79.89 123 tcp ntp filtered
4208104.244.79.89 123 udp ntp unknown
4209104.244.79.89 137 tcp netbios-ns filtered
4210104.244.79.89 137 udp netbios-ns unknown
4211104.244.79.89 138 tcp netbios-dgm filtered
4212104.244.79.89 138 udp netbios-dgm unknown
4213104.244.79.89 139 tcp netbios-ssn filtered
4214104.244.79.89 139 udp netbios-ssn unknown
4215104.244.79.89 161 tcp snmp filtered
4216104.244.79.89 161 udp snmp unknown
4217104.244.79.89 162 tcp snmptrap filtered
4218104.244.79.89 162 udp snmptrap unknown
4219104.244.79.89 389 tcp ldap filtered
4220104.244.79.89 389 udp ldap unknown
4221104.244.79.89 443 tcp ssl/http open nginx
4222104.244.79.89 520 tcp efs filtered
4223104.244.79.89 520 udp route unknown
4224104.244.79.89 2049 tcp nfs filtered
4225104.244.79.89 2049 udp nfs unknown
4226104.244.79.89 7910 tcp ssl/http open nginx
4227104.244.79.89 7920 tcp unknown closed
4228104.244.79.89 7930 tcp closed
4229104.244.79.89 16001 tcp http open MiniServ 1.930 Webmin httpd
4230104.244.79.89 16010 tcp ssl/http open nginx
4231104.244.79.89 16221 tcp ssh open OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 Ubuntu Linux; protocol 2.0
4232104.244.79.89 32022 tcp ssh open OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 Ubuntu Linux; protocol 2.0
4233107.180.28.114 21 tcp ftp open 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\x0d\x0a220-You are user number 3 of 500 allowed.\x0d\x0a220-Local time is now 05:54. Server port: 21.\x0d\x0a220-This is a private system - No anonymous login\x0d\x0a220 You will be disconnected after 15 minutes of inactivity.\x0d\x0a
4234107.180.28.114 22 tcp ssh open SSH-2.0-OpenSSH_5.3
4235107.180.28.114 53 tcp domain filtered
4236107.180.28.114 53 udp domain unknown
4237107.180.28.114 67 tcp dhcps filtered
4238107.180.28.114 67 udp dhcps unknown
4239107.180.28.114 68 tcp dhcpc filtered
4240107.180.28.114 68 udp dhcpc unknown
4241107.180.28.114 69 tcp tftp filtered
4242107.180.28.114 69 udp tftp unknown
4243107.180.28.114 88 tcp kerberos-sec filtered
4244107.180.28.114 88 udp kerberos-sec unknown
4245107.180.28.114 123 tcp ntp filtered
4246107.180.28.114 123 udp ntp unknown
4247107.180.28.114 137 tcp netbios-ns filtered
4248107.180.28.114 137 udp netbios-ns unknown
4249107.180.28.114 138 tcp netbios-dgm filtered
4250107.180.28.114 138 udp netbios-dgm unknown
4251107.180.28.114 139 tcp netbios-ssn filtered
4252107.180.28.114 139 udp netbios-ssn unknown
4253107.180.28.114 161 tcp snmp filtered
4254107.180.28.114 161 udp snmp unknown
4255107.180.28.114 162 tcp snmptrap filtered
4256107.180.28.114 162 udp snmptrap unknown
4257107.180.28.114 389 tcp ldap filtered
4258107.180.28.114 389 udp ldap unknown
4259107.180.28.114 520 tcp efs filtered
4260107.180.28.114 520 udp route unknown
4261107.180.28.114 2049 tcp nfs filtered
4262107.180.28.114 2049 udp nfs unknown
4263111.90.145.39 21 tcp ftp open 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\x0d\x0a220-You are user number 1 of 50 allowed.\x0d\x0a220-Local time is now 15:04. Server port: 21.\x0d\x0a220-This is a private system - No anonymous login\x0d\x0a220-IPv6 connections are also welcome on this server.\x0d\x0a220 You will be disconnected after 15 minutes of inactivity.\x0d\x0a
4264111.90.145.39 53 tcp domain open ISC BIND 9.8.2rc1 RedHat Enterprise Linux 6
4265111.90.145.39 53 udp domain open ISC BIND 9.8.2rc1 RedHat Enterprise Linux 6
4266111.90.145.39 67 tcp dhcps closed
4267111.90.145.39 67 udp dhcps closed
4268111.90.145.39 68 tcp dhcpc closed
4269111.90.145.39 68 udp dhcpc unknown
4270111.90.145.39 69 tcp tftp closed
4271111.90.145.39 69 udp tftp unknown
4272111.90.145.39 88 tcp kerberos-sec closed
4273111.90.145.39 88 udp kerberos-sec unknown
4274111.90.145.39 123 tcp ntp closed
4275111.90.145.39 123 udp ntp closed
4276111.90.145.39 137 tcp netbios-ns closed
4277111.90.145.39 137 udp netbios-ns unknown
4278111.90.145.39 138 tcp netbios-dgm closed
4279111.90.145.39 138 udp netbios-dgm unknown
4280111.90.145.39 139 tcp netbios-ssn filtered
4281111.90.145.39 139 udp netbios-ssn closed
4282111.90.145.39 161 tcp snmp closed
4283111.90.145.39 161 udp snmp unknown
4284111.90.145.39 162 tcp snmptrap closed
4285111.90.145.39 162 udp snmptrap closed
4286111.90.145.39 389 tcp ldap closed
4287111.90.145.39 389 udp ldap unknown
4288111.90.145.39 520 tcp efs closed
4289111.90.145.39 520 udp route closed
4290111.90.145.39 2049 tcp nfs closed
4291111.90.145.39 2049 udp nfs closed
5111149.126.72.220 8025 tcp tcpwrapped open
5112149.126.72.220 8026 tcp tcpwrapped open
5113149.126.72.220 8027 tcp tcpwrapped open
5114149.126.72.220 8028 tcp tcpwrapped open
5115149.126.72.220 8029 tcp tcpwrapped open
5116149.126.72.220 8030 tcp tcpwrapped open
5117149.126.72.220 8031 tcp tcpwrapped open
5118149.126.72.220 8032 tcp tcpwrapped open
5119149.126.72.220 8033 tcp tcpwrapped open
5120149.126.72.220 8034 tcp tcpwrapped open
5121149.126.72.220 8035 tcp tcpwrapped open
5122149.126.72.220 8036 tcp tcpwrapped open
5123149.126.72.220 8037 tcp tcpwrapped open
5124149.126.72.220 8038 tcp tcpwrapped open
5125149.126.72.220 8039 tcp tcpwrapped open
5126149.126.72.220 8040 tcp tcpwrapped open
5127149.126.72.220 8041 tcp tcpwrapped open
5128149.126.72.220 8042 tcp tcpwrapped open
5129149.126.72.220 8043 tcp tcpwrapped open
5130149.126.72.220 8044 tcp tcpwrapped open
5131149.126.72.220 8045 tcp tcpwrapped open
5132149.126.72.220 8046 tcp tcpwrapped open
5133149.126.72.220 8047 tcp tcpwrapped open
5134149.126.72.220 8048 tcp tcpwrapped open
5135149.126.72.220 8049 tcp tcpwrapped open
5136149.126.72.220 8050 tcp tcpwrapped open
5137149.126.72.220 8051 tcp tcpwrapped open
5138149.126.72.220 8052 tcp tcpwrapped open
5139149.126.72.220 8053 tcp tcpwrapped open
5140149.126.72.220 8054 tcp tcpwrapped open
5141149.126.72.220 8055 tcp tcpwrapped open
5142149.126.72.220 8056 tcp tcpwrapped open
5143149.126.72.220 8057 tcp tcpwrapped open
5144149.126.72.220 8058 tcp tcpwrapped open
5145149.126.72.220 8060 tcp tcpwrapped open
5146149.126.72.220 8064 tcp tcpwrapped open
5147149.126.72.220 8065 tcp tcpwrapped open
5148149.126.72.220 8069 tcp tcpwrapped open
5149149.126.72.220 8070 tcp tcpwrapped open
5150149.126.72.220 8071 tcp tcpwrapped open
5151149.126.72.220 8072 tcp tcpwrapped open
5152149.126.72.220 8074 tcp tcpwrapped open
5153149.126.72.220 8079 tcp tcpwrapped open
5154149.126.72.220 8080 tcp tcpwrapped open
5155149.126.72.220 8081 tcp tcpwrapped open
5156149.126.72.220 8082 tcp tcpwrapped open
5157149.126.72.220 8083 tcp tcpwrapped open
5158149.126.72.220 8084 tcp tcpwrapped open
5159149.126.72.220 8085 tcp tcpwrapped open
5160149.126.72.220 8086 tcp tcpwrapped open
5161149.126.72.220 8087 tcp tcpwrapped open
5162149.126.72.220 8088 tcp tcpwrapped open
5163149.126.72.220 8089 tcp tcpwrapped open
5164149.126.72.220 8090 tcp tcpwrapped open
5165149.126.72.220 8091 tcp tcpwrapped open
5166149.126.72.220 8092 tcp tcpwrapped open
5167149.126.72.220 8093 tcp tcpwrapped open
5168149.126.72.220 8094 tcp tcpwrapped open
5169149.126.72.220 8095 tcp tcpwrapped open
5170149.126.72.220 8096 tcp tcpwrapped open
5171149.126.72.220 8097 tcp tcpwrapped open
5172149.126.72.220 8098 tcp tcpwrapped open
5173149.126.72.220 8099 tcp tcpwrapped open
5174149.126.72.220 8100 tcp tcpwrapped open
5175149.126.72.220 8101 tcp tcpwrapped open
5176149.126.72.220 8102 tcp tcpwrapped open
5177149.126.72.220 8103 tcp tcpwrapped open
5178149.126.72.220 8104 tcp tcpwrapped open
5179149.126.72.220 8105 tcp tcpwrapped open
5180149.126.72.220 8106 tcp tcpwrapped open
5181149.126.72.220 8107 tcp tcpwrapped open
5182149.126.72.220 8108 tcp tcpwrapped open
5183149.126.72.220 8109 tcp tcpwrapped open
5184149.126.72.220 8110 tcp tcpwrapped open
5185149.126.72.220 8113 tcp tcpwrapped open
5186149.126.72.220 8114 tcp tcpwrapped open
5187149.126.72.220 8115 tcp tcpwrapped open
5188149.126.72.220 8118 tcp tcpwrapped open
5189149.126.72.220 8119 tcp tcpwrapped open
5190149.126.72.220 8120 tcp tcpwrapped open
5191149.126.72.220 8121 tcp tcpwrapped open
5192149.126.72.220 8123 tcp tcpwrapped open
5193149.126.72.220 8125 tcp tcpwrapped open
5194149.126.72.220 8126 tcp tcpwrapped open
5195149.126.72.220 8128 tcp tcpwrapped open
5196149.126.72.220 8129 tcp tcpwrapped open
5197149.126.72.220 8130 tcp tcpwrapped open
5198149.126.72.220 8131 tcp tcpwrapped open
5199149.126.72.220 8132 tcp tcpwrapped open
5200149.126.72.220 8133 tcp tcpwrapped open
5201149.126.72.220 8136 tcp tcpwrapped open
5202149.126.72.220 8140 tcp tcpwrapped open
5203149.126.72.220 8142 tcp tcpwrapped open
5204149.126.72.220 8143 tcp tcpwrapped open
5205149.126.72.220 8144 tcp tcpwrapped open
5206149.126.72.220 8147 tcp tcpwrapped open
5207149.126.72.220 8148 tcp tcpwrapped open
5208149.126.72.220 8149 tcp tcpwrapped open
5209149.126.72.220 8150 tcp tcpwrapped open
5210149.126.72.220 8154 tcp tcpwrapped open
5211149.126.72.220 8156 tcp tcpwrapped open
5212149.126.72.220 8157 tcp tcpwrapped open
5213149.126.72.220 8158 tcp tcpwrapped open
5214149.126.72.220 8160 tcp tcpwrapped open
5215149.126.72.220 8161 tcp tcpwrapped open
5216149.126.72.220 8162 tcp tcpwrapped open
5217149.126.72.220 8163 tcp tcpwrapped open
5218149.126.72.220 8164 tcp tcpwrapped open
5219149.126.72.220 8165 tcp tcpwrapped open
5220149.126.72.220 8166 tcp tcpwrapped open
5221149.126.72.220 8167 tcp tcpwrapped open
5222149.126.72.220 8168 tcp tcpwrapped open
5223149.126.72.220 8169 tcp tcpwrapped open
5224149.126.72.220 8170 tcp tcpwrapped open
5225149.126.72.220 8171 tcp tcpwrapped open
5226149.126.72.220 8172 tcp tcpwrapped open
5227149.126.72.220 8173 tcp tcpwrapped open
5228149.126.72.220 8175 tcp tcpwrapped open
5229149.126.72.220 8176 tcp tcpwrapped open
5230149.126.72.220 8178 tcp tcpwrapped open
5231149.126.72.220 8179 tcp tcpwrapped open
5232149.126.72.220 8180 tcp tcpwrapped open
5233149.126.72.220 8181 tcp tcpwrapped open
5234149.126.72.220 8182 tcp tcpwrapped open
5235149.126.72.220 8183 tcp tcpwrapped open
5236149.126.72.220 8184 tcp tcpwrapped open
5237149.126.72.220 8185 tcp tcpwrapped open
5238149.126.72.220 8186 tcp tcpwrapped open
5239149.126.72.220 8187 tcp tcpwrapped open
5240149.126.72.220 8188 tcp tcpwrapped open
5241149.126.72.220 8189 tcp tcpwrapped open
5242149.126.72.220 8190 tcp tcpwrapped open
5243149.126.72.220 8191 tcp tcpwrapped open
5244149.126.72.220 8192 tcp tcpwrapped open
5245149.126.72.220 8193 tcp tcpwrapped open
5246149.126.72.220 8194 tcp tcpwrapped open
5247149.126.72.220 8195 tcp tcpwrapped open
5248149.126.72.220 8198 tcp tcpwrapped open
5249149.126.72.220 8199 tcp tcpwrapped open
5250149.126.72.220 8200 tcp tcpwrapped open
5251149.126.72.220 8203 tcp tcpwrapped open
5252149.126.72.220 8222 tcp tcpwrapped open
5253149.126.72.220 8230 tcp tcpwrapped open
5254149.126.72.220 8236 tcp tcpwrapped open
5255149.126.72.220 8237 tcp tcpwrapped open
5256149.126.72.220 8238 tcp tcpwrapped open
5257149.126.72.220 8239 tcp tcpwrapped open
5258149.126.72.220 8241 tcp tcpwrapped open
5259149.126.72.220 8243 tcp tcpwrapped open
5260149.126.72.220 8248 tcp tcpwrapped open
5261149.126.72.220 8249 tcp tcpwrapped open
5262149.126.72.220 8250 tcp tcpwrapped open
5263149.126.72.220 8251 tcp tcpwrapped open
5264149.126.72.220 8252 tcp tcpwrapped open
5265149.126.72.220 8280 tcp tcpwrapped open
5266149.126.72.220 8282 tcp tcpwrapped open
5267149.126.72.220 8333 tcp tcpwrapped open
5268149.126.72.220 8340 tcp tcpwrapped open
5269149.126.72.220 8343 tcp tcpwrapped open
5270149.126.72.220 8350 tcp tcpwrapped open
5271149.126.72.220 8381 tcp tcpwrapped open
5272149.126.72.220 8382 tcp tcpwrapped open
5273149.126.72.220 8383 tcp tcpwrapped open
5274149.126.72.220 8384 tcp tcpwrapped open
5275149.126.72.220 8385 tcp tcpwrapped open
5276149.126.72.220 8388 tcp tcpwrapped open
5277149.126.72.220 8393 tcp tcpwrapped open
5278149.126.72.220 8401 tcp tcpwrapped open
5279149.126.72.220 8402 tcp tcpwrapped open
5280149.126.72.220 8403 tcp tcpwrapped open
5281149.126.72.220 8404 tcp tcpwrapped open
5282149.126.72.220 8405 tcp tcpwrapped open
5283149.126.72.220 8406 tcp tcpwrapped open
5284149.126.72.220 8407 tcp tcpwrapped open
5285149.126.72.220 8408 tcp tcpwrapped open
5286149.126.72.220 8409 tcp tcpwrapped open
5287149.126.72.220 8410 tcp tcpwrapped open
5288149.126.72.220 8411 tcp tcpwrapped open
5289149.126.72.220 8412 tcp tcpwrapped open
5290149.126.72.220 8413 tcp tcpwrapped open
5291149.126.72.220 8414 tcp tcpwrapped open
5292149.126.72.220 8415 tcp tcpwrapped open
5293149.126.72.220 8416 tcp tcpwrapped open
5294149.126.72.220 8417 tcp tcpwrapped open
5295149.126.72.220 8418 tcp tcpwrapped open
5296149.126.72.220 8419 tcp tcpwrapped open
5297149.126.72.220 8420 tcp tcpwrapped open
5298149.126.72.220 8421 tcp tcpwrapped open
5299149.126.72.220 8422 tcp tcpwrapped open
5300149.126.72.220 8423 tcp tcpwrapped open
5301149.126.72.220 8424 tcp tcpwrapped open
5302149.126.72.220 8425 tcp tcpwrapped open
5303149.126.72.220 8426 tcp tcpwrapped open
5304149.126.72.220 8427 tcp tcpwrapped open
5305149.126.72.220 8428 tcp tcpwrapped open
5306149.126.72.220 8429 tcp tcpwrapped open
5307149.126.72.220 8430 tcp tcpwrapped open
5308149.126.72.220 8431 tcp tcpwrapped open
5309149.126.72.220 8432 tcp tcpwrapped open
5310149.126.72.220 8433 tcp tcpwrapped open
5311149.126.72.220 8435 tcp tcpwrapped open
5312149.126.72.220 8440 tcp tcpwrapped open
5313149.126.72.220 8441 tcp tcpwrapped open
5314149.126.72.220 8442 tcp tcpwrapped open
5315149.126.72.220 8443 tcp tcpwrapped open
5316149.126.72.220 8444 tcp tcpwrapped open
5317149.126.72.220 8445 tcp tcpwrapped open
5318149.126.72.220 8446 tcp tcpwrapped open
5319149.126.72.220 8447 tcp tcpwrapped open
5320149.126.72.220 8448 tcp tcpwrapped open
5321149.126.72.220 8449 tcp tcpwrapped open
5322149.126.72.220 8450 tcp tcpwrapped open
5323149.126.72.220 8451 tcp tcpwrapped open
5324149.126.72.220 8452 tcp tcpwrapped open
5325149.126.72.220 8453 tcp tcpwrapped open
5326149.126.72.220 8454 tcp tcpwrapped open
5327149.126.72.220 8455 tcp tcpwrapped open
5328149.126.72.220 8456 tcp tcpwrapped open
5329149.126.72.220 8457 tcp tcpwrapped open
5330149.126.72.220 8458 tcp tcpwrapped open
5331149.126.72.220 8459 tcp tcpwrapped open
5332149.126.72.220 8460 tcp tcpwrapped open
5333149.126.72.220 8461 tcp tcpwrapped open
5334149.126.72.220 8462 tcp tcpwrapped open
5335149.126.72.220 8463 tcp tcpwrapped open
5336149.126.72.220 8464 tcp tcpwrapped open
5337149.126.72.220 8465 tcp tcpwrapped open
5338149.126.72.220 8466 tcp tcpwrapped open
5339149.126.72.220 8467 tcp tcpwrapped open
5340149.126.72.220 8470 tcp tcpwrapped open
5341149.126.72.220 8472 tcp tcpwrapped open
5342149.126.72.220 8473 tcp tcpwrapped open
5343149.126.72.220 8475 tcp tcpwrapped open
5344149.126.72.220 8480 tcp tcpwrapped open
5345149.126.72.220 8481 tcp tcpwrapped open
5346149.126.72.220 8482 tcp tcpwrapped open
5347149.126.72.220 8484 tcp tcpwrapped open
5348149.126.72.220 8485 tcp tcpwrapped open
5349149.126.72.220 8488 tcp tcpwrapped open
5350149.126.72.220 8493 tcp tcpwrapped open
5351149.126.72.220 8494 tcp tcpwrapped open
5352149.126.72.220 8500 tcp tcpwrapped open
5353149.126.72.220 8502 tcp tcpwrapped open
5354149.126.72.220 8503 tcp tcpwrapped open
5355149.126.72.220 8504 tcp tcpwrapped open
5356149.126.72.220 8505 tcp tcpwrapped open
5357149.126.72.220 8506 tcp tcpwrapped open
5358149.126.72.220 8510 tcp tcpwrapped open
5359149.126.72.220 8513 tcp tcpwrapped open
5360149.126.72.220 8514 tcp tcpwrapped open
5361149.126.72.220 8515 tcp tcpwrapped open
5362149.126.72.220 8519 tcp tcpwrapped open
5363149.126.72.220 8520 tcp tcpwrapped open
5364149.126.72.220 8521 tcp tcpwrapped open
5365149.126.72.220 8523 tcp tcpwrapped open
5366149.126.72.220 8524 tcp tcpwrapped open
5367149.126.72.220 8525 tcp tcpwrapped open
5368149.126.72.220 8526 tcp tcpwrapped open
5369149.126.72.220 8528 tcp tcpwrapped open
5370149.126.72.220 8529 tcp tcpwrapped open
5371149.126.72.220 8530 tcp tcpwrapped open
5372149.126.72.220 8531 tcp tcpwrapped open
5373149.126.72.220 8532 tcp tcpwrapped open
5374149.126.72.220 8533 tcp tcpwrapped open
5375149.126.72.220 8536 tcp tcpwrapped open
5376149.126.72.220 8540 tcp tcpwrapped open
5377149.126.72.220 8543 tcp tcpwrapped open
5378149.126.72.220 8544 tcp tcpwrapped open
5379149.126.72.220 8548 tcp tcpwrapped open
5380149.126.72.220 8549 tcp tcpwrapped open
5381149.126.72.220 8550 tcp tcpwrapped open
5382149.126.72.220 8551 tcp tcpwrapped open
5383149.126.72.220 8553 tcp tcpwrapped open
5384149.126.72.220 8556 tcp tcpwrapped open
5385149.126.72.220 8557 tcp tcpwrapped open
5386149.126.72.220 8558 tcp tcpwrapped open
5387149.126.72.220 8560 tcp tcpwrapped open
5388149.126.72.220 8561 tcp tcpwrapped open
5389149.126.72.220 8562 tcp tcpwrapped open
5390149.126.72.220 8563 tcp tcpwrapped open
5391149.126.72.220 8564 tcp tcpwrapped open
5392149.126.72.220 8565 tcp tcpwrapped open
5393149.126.72.220 8566 tcp tcpwrapped open
5394149.126.72.220 8567 tcp tcpwrapped open
5395149.126.72.220 8568 tcp tcpwrapped open
5396149.126.72.220 8569 tcp tcpwrapped open
5397149.126.72.220 8570 tcp tcpwrapped open
5398149.126.72.220 8571 tcp tcpwrapped open
5399149.126.72.220 8573 tcp tcpwrapped open
5400149.126.72.220 8574 tcp tcpwrapped open
5401149.126.72.220 8575 tcp tcpwrapped open
5402149.126.72.220 8576 tcp tcpwrapped open
5403149.126.72.220 8577 tcp tcpwrapped open
5404149.126.72.220 8578 tcp tcpwrapped open
5405149.126.72.220 8579 tcp tcpwrapped open
5406149.126.72.220 8580 tcp tcpwrapped open
5407149.126.72.220 8581 tcp tcpwrapped open
5408149.126.72.220 8582 tcp tcpwrapped open
5409149.126.72.220 8583 tcp tcpwrapped open
5410149.126.72.220 8585 tcp tcpwrapped open
5411149.126.72.220 8586 tcp tcpwrapped open
5412149.126.72.220 8588 tcp tcpwrapped open
5413149.126.72.220 8589 tcp tcpwrapped open
5414149.126.72.220 8590 tcp tcpwrapped open
5415149.126.72.220 8591 tcp tcpwrapped open
5416149.126.72.220 8592 tcp tcpwrapped open
5417149.126.72.220 8593 tcp tcpwrapped open
5418149.126.72.220 8594 tcp tcpwrapped open
5419149.126.72.220 8595 tcp tcpwrapped open
5420149.126.72.220 8596 tcp tcpwrapped open
5421149.126.72.220 8597 tcp tcpwrapped open
5422149.126.72.220 8598 tcp tcpwrapped open
5423149.126.72.220 8599 tcp tcpwrapped open
5424149.126.72.220 8600 tcp tcpwrapped open
5425149.126.72.220 8601 tcp tcpwrapped open
5426149.126.72.220 8605 tcp tcpwrapped open
5427149.126.72.220 8606 tcp tcpwrapped open
5428149.126.72.220 8630 tcp tcpwrapped open
5429149.126.72.220 8640 tcp tcpwrapped open
5430149.126.72.220 8641 tcp tcpwrapped open
5431149.126.72.220 8643 tcp tcpwrapped open
5432149.126.72.220 8663 tcp tcpwrapped open
5433149.126.72.220 8666 tcp tcpwrapped open
5434149.126.72.220 8686 tcp tcpwrapped open
5435149.126.72.220 8688 tcp tcpwrapped open
5436149.126.72.220 8700 tcp tcpwrapped open
5437149.126.72.220 8701 tcp tcpwrapped open
5438149.126.72.220 8702 tcp tcpwrapped open
5439149.126.72.220 8703 tcp tcpwrapped open
5440149.126.72.220 8704 tcp tcpwrapped open
5441149.126.72.220 8705 tcp tcpwrapped open
5442149.126.72.220 8706 tcp tcpwrapped open
5443149.126.72.220 8707 tcp tcpwrapped open
5444149.126.72.220 8708 tcp tcpwrapped open
5445149.126.72.220 8709 tcp tcpwrapped open
5446149.126.72.220 8723 tcp tcpwrapped open
5447149.126.72.220 8724 tcp tcpwrapped open
5448149.126.72.220 8731 tcp tcpwrapped open
5449149.126.72.220 8732 tcp tcpwrapped open
5450149.126.72.220 8764 tcp tcpwrapped open
5451149.126.72.220 8765 tcp tcpwrapped open
5452149.126.72.220 8766 tcp tcpwrapped open
5453149.126.72.220 8767 tcp tcpwrapped open
5454149.126.72.220 8771 tcp tcpwrapped open
5455149.126.72.220 8787 tcp tcpwrapped open
5456149.126.72.220 8788 tcp tcpwrapped open
5457149.126.72.220 8789 tcp tcpwrapped open
5458149.126.72.220 8790 tcp tcpwrapped open
5459149.126.72.220 8791 tcp tcpwrapped open
5460149.126.72.220 8800 tcp tcpwrapped open
5461149.126.72.220 8801 tcp tcpwrapped open
5462149.126.72.220 8802 tcp tcpwrapped open
5463149.126.72.220 8803 tcp tcpwrapped open
5464149.126.72.220 8804 tcp tcpwrapped open
5465149.126.72.220 8805 tcp tcpwrapped open
5466149.126.72.220 8806 tcp tcpwrapped open
5467149.126.72.220 8807 tcp tcpwrapped open
5468149.126.72.220 8808 tcp tcpwrapped open
5469149.126.72.220 8809 tcp tcpwrapped open
5470149.126.72.220 8810 tcp tcpwrapped open
5471149.126.72.220 8811 tcp tcpwrapped open
5472149.126.72.220 8812 tcp tcpwrapped open
5473149.126.72.220 8813 tcp tcpwrapped open
5474149.126.72.220 8814 tcp tcpwrapped open
5475149.126.72.220 8815 tcp tcpwrapped open
5476149.126.72.220 8816 tcp tcpwrapped open
5477149.126.72.220 8817 tcp tcpwrapped open
5478149.126.72.220 8818 tcp tcpwrapped open
5479149.126.72.220 8819 tcp tcpwrapped open
5480149.126.72.220 8820 tcp tcpwrapped open
5481149.126.72.220 8821 tcp tcpwrapped open
5482149.126.72.220 8822 tcp tcpwrapped open
5483149.126.72.220 8823 tcp tcpwrapped open
5484149.126.72.220 8824 tcp tcpwrapped open
5485149.126.72.220 8825 tcp tcpwrapped open
5486149.126.72.220 8826 tcp tcpwrapped open
5487149.126.72.220 8827 tcp tcpwrapped open
5488149.126.72.220 8828 tcp tcpwrapped open
5489149.126.72.220 8829 tcp tcpwrapped open
5490149.126.72.220 8830 tcp tcpwrapped open
5491149.126.72.220 8831 tcp tcpwrapped open
5492149.126.72.220 8832 tcp tcpwrapped open
5493149.126.72.220 8833 tcp tcpwrapped open
5494149.126.72.220 8834 tcp tcpwrapped open
5495149.126.72.220 8835 tcp tcpwrapped open
5496149.126.72.220 8836 tcp tcpwrapped open
5497149.126.72.220 8837 tcp tcpwrapped open
5498149.126.72.220 8838 tcp tcpwrapped open
5499149.126.72.220 8839 tcp tcpwrapped open
5500149.126.72.220 8840 tcp tcpwrapped open
5501149.126.72.220 8841 tcp tcpwrapped open
5502149.126.72.220 8842 tcp tcpwrapped open
5503149.126.72.220 8843 tcp tcpwrapped open
5504149.126.72.220 8844 tcp tcpwrapped open
5505149.126.72.220 8845 tcp tcpwrapped open
5506149.126.72.220 8846 tcp tcpwrapped open
5507149.126.72.220 8847 tcp tcpwrapped open
5508149.126.72.220 8848 tcp tcpwrapped open
5509149.126.72.220 8849 tcp tcpwrapped open
5510149.126.72.220 8850 tcp tcpwrapped open
5511149.126.72.220 8851 tcp tcpwrapped open
5512149.126.72.220 8852 tcp tcpwrapped open
5513149.126.72.220 8853 tcp tcpwrapped open
5514149.126.72.220 8854 tcp tcpwrapped open
5515149.126.72.220 8855 tcp tcpwrapped open
5516149.126.72.220 8856 tcp tcpwrapped open
5517149.126.72.220 8857 tcp tcpwrapped open
5518149.126.72.220 8858 tcp tcpwrapped open
5519149.126.72.220 8859 tcp tcpwrapped open
5520149.126.72.220 8860 tcp tcpwrapped open
5521149.126.72.220 8861 tcp tcpwrapped open
5522149.126.72.220 8862 tcp tcpwrapped open
5523149.126.72.220 8863 tcp tcpwrapped open
5524149.126.72.220 8864 tcp tcpwrapped open
5525149.126.72.220 8865 tcp tcpwrapped open
5526149.126.72.220 8866 tcp tcpwrapped open
5527149.126.72.220 8867 tcp tcpwrapped open
5528149.126.72.220 8868 tcp tcpwrapped open
5529149.126.72.220 8869 tcp tcpwrapped open
5530149.126.72.220 8870 tcp tcpwrapped open
5531149.126.72.220 8871 tcp tcpwrapped open
5532149.126.72.220 8872 tcp tcpwrapped open
5533149.126.72.220 8873 tcp tcpwrapped open
5534149.126.72.220 8874 tcp tcpwrapped open
5535149.126.72.220 8875 tcp tcpwrapped open
5536149.126.72.220 8876 tcp tcpwrapped open
5537149.126.72.220 8877 tcp tcpwrapped open
5538149.126.72.220 8878 tcp tcpwrapped open
5539149.126.72.220 8879 tcp tcpwrapped open
5540149.126.72.220 8880 tcp tcpwrapped open
5541149.126.72.220 8881 tcp tcpwrapped open
5542149.126.72.220 8882 tcp tcpwrapped open
5543149.126.72.220 8883 tcp tcpwrapped open
5544149.126.72.220 8884 tcp tcpwrapped open
5545149.126.72.220 8885 tcp tcpwrapped open
5546149.126.72.220 8887 tcp tcpwrapped open
5547149.126.72.220 8888 tcp tcpwrapped open
5548149.126.72.220 8889 tcp tcpwrapped open
5549149.126.72.220 8890 tcp tcpwrapped open
5550149.126.72.220 8891 tcp tcpwrapped open
5551149.126.72.220 8899 tcp tcpwrapped open
5552149.126.72.220 8900 tcp tcpwrapped open
5553149.126.72.220 8901 tcp tcpwrapped open
5554149.126.72.220 8902 tcp tcpwrapped open
5555149.126.72.220 8905 tcp tcpwrapped open
5556149.126.72.220 8906 tcp tcpwrapped open
5557149.126.72.220 8907 tcp tcpwrapped open
5558149.126.72.220 8908 tcp tcpwrapped open
5559149.126.72.220 8910 tcp tcpwrapped open
5560149.126.72.220 8911 tcp tcpwrapped open
5561149.126.72.220 8912 tcp tcpwrapped open
5562149.126.72.220 8913 tcp tcpwrapped open
5563149.126.72.220 8915 tcp tcpwrapped open
5564149.126.72.220 8916 tcp tcpwrapped open
5565149.126.72.220 8935 tcp tcpwrapped open
5566149.126.72.220 8943 tcp tcpwrapped open
5567149.126.72.220 8969 tcp tcpwrapped open
5568149.126.72.220 8988 tcp tcpwrapped open
5569149.126.72.220 8989 tcp tcpwrapped open
5570149.126.72.220 8999 tcp tcpwrapped open
5571149.126.72.220 9000 tcp tcpwrapped open
5572149.126.72.220 9001 tcp tcpwrapped open
5573149.126.72.220 9002 tcp tcpwrapped open
5574149.126.72.220 9003 tcp tcpwrapped open
5575149.126.72.220 9004 tcp tcpwrapped open
5576149.126.72.220 9005 tcp tcpwrapped open
5577149.126.72.220 9006 tcp tcpwrapped open
5578149.126.72.220 9007 tcp tcpwrapped open
5579149.126.72.220 9008 tcp tcpwrapped open
5580149.126.72.220 9009 tcp tcpwrapped open
5581149.126.72.220 9010 tcp tcpwrapped open
5582149.126.72.220 9011 tcp tcpwrapped open
5583149.126.72.220 9012 tcp tcpwrapped open
5584149.126.72.220 9013 tcp tcpwrapped open
5585149.126.72.220 9014 tcp tcpwrapped open
5586149.126.72.220 9015 tcp tcpwrapped open
5587149.126.72.220 9016 tcp tcpwrapped open
5588149.126.72.220 9017 tcp tcpwrapped open
5589149.126.72.220 9018 tcp tcpwrapped open
5590149.126.72.220 9019 tcp tcpwrapped open
5591149.126.72.220 9020 tcp tcpwrapped open
5592149.126.72.220 9021 tcp tcpwrapped open
5593149.126.72.220 9022 tcp tcpwrapped open
5594149.126.72.220 9023 tcp tcpwrapped open
5595149.126.72.220 9024 tcp tcpwrapped open
5596149.126.72.220 9025 tcp tcpwrapped open
5597149.126.72.220 9026 tcp tcpwrapped open
5598149.126.72.220 9027 tcp tcpwrapped open
5599149.126.72.220 9028 tcp tcpwrapped open
5600149.126.72.220 9029 tcp tcpwrapped open
5601149.126.72.220 9030 tcp tcpwrapped open
5602149.126.72.220 9031 tcp tcpwrapped open
5603149.126.72.220 9032 tcp tcpwrapped open
5604149.126.72.220 9033 tcp tcpwrapped open
5605149.126.72.220 9034 tcp tcpwrapped open
5606149.126.72.220 9035 tcp tcpwrapped open
5607149.126.72.220 9036 tcp tcpwrapped open
5608149.126.72.220 9037 tcp tcpwrapped open
5609149.126.72.220 9038 tcp tcpwrapped open
5610149.126.72.220 9039 tcp tcpwrapped open
5611149.126.72.220 9040 tcp tcpwrapped open
5612149.126.72.220 9041 tcp tcpwrapped open
5613149.126.72.220 9042 tcp tcpwrapped open
5614149.126.72.220 9043 tcp tcpwrapped open
5615149.126.72.220 9044 tcp tcpwrapped open
5616149.126.72.220 9045 tcp tcpwrapped open
5617149.126.72.220 9046 tcp tcpwrapped open
5618149.126.72.220 9047 tcp tcpwrapped open
5619149.126.72.220 9048 tcp tcpwrapped open
5620149.126.72.220 9049 tcp tcpwrapped open
5621149.126.72.220 9050 tcp tcpwrapped open
5622149.126.72.220 9051 tcp tcpwrapped open
5623149.126.72.220 9052 tcp tcpwrapped open
5624149.126.72.220 9058 tcp tcpwrapped open
5625149.126.72.220 9060 tcp tcpwrapped open
5626149.126.72.220 9061 tcp tcpwrapped open
5627149.126.72.220 9070 tcp tcpwrapped open
5628149.126.72.220 9080 tcp tcpwrapped open
5629149.126.72.220 9081 tcp tcpwrapped open
5630149.126.72.220 9082 tcp tcpwrapped open
5631149.126.72.220 9084 tcp tcpwrapped open
5632149.126.72.220 9085 tcp tcpwrapped open
5633149.126.72.220 9086 tcp tcpwrapped open
5634149.126.72.220 9088 tcp tcpwrapped open
5635149.126.72.220 9089 tcp tcpwrapped open
5636149.126.72.220 9090 tcp tcpwrapped open
5637149.126.72.220 9091 tcp tcpwrapped open
5638149.126.72.220 9092 tcp tcpwrapped open
5639149.126.72.220 9093 tcp tcpwrapped open
5640149.126.72.220 9094 tcp tcpwrapped open
5641149.126.72.220 9095 tcp tcpwrapped open
5642149.126.72.220 9096 tcp tcpwrapped open
5643149.126.72.220 9097 tcp tcpwrapped open
5644149.126.72.220 9098 tcp tcpwrapped open
5645149.126.72.220 9099 tcp tcpwrapped open
5646149.126.72.220 9100 tcp jetdirect open
5647149.126.72.220 9101 tcp jetdirect open
5648149.126.72.220 9102 tcp jetdirect open
5649149.126.72.220 9103 tcp jetdirect open
5650149.126.72.220 9104 tcp jetdirect open
5651149.126.72.220 9105 tcp jetdirect open
5652149.126.72.220 9106 tcp jetdirect open
5653149.126.72.220 9107 tcp jetdirect open
5654149.126.72.220 9108 tcp tcpwrapped open
5655149.126.72.220 9109 tcp tcpwrapped open
5656149.126.72.220 9110 tcp tcpwrapped open
5657149.126.72.220 9111 tcp tcpwrapped open
5658149.126.72.220 9136 tcp tcpwrapped open
5659149.126.72.220 9143 tcp tcpwrapped open
5660149.126.72.220 9189 tcp tcpwrapped open
5661149.126.72.220 9199 tcp tcpwrapped open
5662149.126.72.220 9200 tcp tcpwrapped open
5663149.126.72.220 9201 tcp tcpwrapped open
5664149.126.72.220 9202 tcp tcpwrapped open
5665149.126.72.220 9203 tcp tcpwrapped open
5666149.126.72.220 9204 tcp tcpwrapped open
5667149.126.72.220 9205 tcp tcpwrapped open
5668149.126.72.220 9206 tcp tcpwrapped open
5669149.126.72.220 9207 tcp tcpwrapped open
5670149.126.72.220 9208 tcp tcpwrapped open
5671149.126.72.220 9209 tcp tcpwrapped open
5672149.126.72.220 9210 tcp tcpwrapped open
5673149.126.72.220 9211 tcp tcpwrapped open
5674149.126.72.220 9212 tcp tcpwrapped open
5675149.126.72.220 9213 tcp tcpwrapped open
5676149.126.72.220 9214 tcp tcpwrapped open
5677149.126.72.220 9215 tcp tcpwrapped open
5678149.126.72.220 9216 tcp tcpwrapped open
5679149.126.72.220 9217 tcp tcpwrapped open
5680149.126.72.220 9218 tcp tcpwrapped open
5681149.126.72.220 9219 tcp tcpwrapped open
5682149.126.72.220 9220 tcp tcpwrapped open
5683149.126.72.220 9221 tcp tcpwrapped open
5684149.126.72.220 9236 tcp tcpwrapped open
5685149.126.72.220 9251 tcp tcpwrapped open
5686149.126.72.220 9289 tcp tcpwrapped open
5687149.126.72.220 9299 tcp tcpwrapped open
5688149.126.72.220 9300 tcp tcpwrapped open
5689149.126.72.220 9301 tcp tcpwrapped open
5690149.126.72.220 9302 tcp tcpwrapped open
5691149.126.72.220 9303 tcp tcpwrapped open
5692149.126.72.220 9304 tcp tcpwrapped open
5693149.126.72.220 9305 tcp tcpwrapped open
5694149.126.72.220 9306 tcp tcpwrapped open
5695149.126.72.220 9307 tcp tcpwrapped open
5696149.126.72.220 9308 tcp tcpwrapped open
5697149.126.72.220 9309 tcp tcpwrapped open
5698149.126.72.220 9310 tcp tcpwrapped open
5699149.126.72.220 9311 tcp tcpwrapped open
5700149.126.72.220 9350 tcp tcpwrapped open
5701149.126.72.220 9383 tcp tcpwrapped open
5702149.126.72.220 9387 tcp tcpwrapped open
5703149.126.72.220 9389 tcp tcpwrapped open
5704149.126.72.220 9433 tcp tcpwrapped open
5705149.126.72.220 9443 tcp tcpwrapped open
5706149.126.72.220 9444 tcp tcpwrapped open
5707149.126.72.220 9446 tcp tcpwrapped open
5708149.126.72.220 9447 tcp tcpwrapped open
5709149.126.72.220 9500 tcp tcpwrapped open
5710149.126.72.220 9510 tcp tcpwrapped open
5711149.126.72.220 9530 tcp tcpwrapped open
5712149.126.72.220 9550 tcp tcpwrapped open
5713149.126.72.220 9600 tcp tcpwrapped open
5714149.126.72.220 9663 tcp tcpwrapped open
5715149.126.72.220 9690 tcp tcpwrapped open
5716149.126.72.220 9704 tcp tcpwrapped open
5717149.126.72.220 9710 tcp tcpwrapped open
5718149.126.72.220 9711 tcp tcpwrapped open
5719149.126.72.220 9765 tcp tcpwrapped open
5720149.126.72.220 9773 tcp tcpwrapped open
5721149.126.72.220 9779 tcp tcpwrapped open
5722149.126.72.220 9800 tcp tcpwrapped open
5723149.126.72.220 9803 tcp tcpwrapped open
5724149.126.72.220 9804 tcp tcpwrapped open
5725149.126.72.220 9950 tcp tcpwrapped open
5726149.126.72.220 9991 tcp tcpwrapped open
5727149.126.72.220 9992 tcp tcpwrapped open
5728149.126.72.220 9993 tcp tcpwrapped open
5729149.126.72.220 9994 tcp tcpwrapped open
5730149.126.72.220 9997 tcp tcpwrapped open
5731149.126.72.220 9998 tcp tcpwrapped open
5732149.126.72.220 9999 tcp tcpwrapped open
5733149.126.72.220 10000 tcp tcpwrapped open
5734149.126.72.220 10001 tcp tcpwrapped open
5735149.126.72.220 10002 tcp tcpwrapped open
5736149.126.72.220 10003 tcp tcpwrapped open
5737149.126.72.220 10004 tcp tcpwrapped open
5738149.126.72.220 10005 tcp tcpwrapped open
5739149.126.72.220 10006 tcp tcpwrapped open
5740149.126.72.220 10007 tcp tcpwrapped open
5741149.126.72.220 10008 tcp tcpwrapped open
5742149.126.72.220 10009 tcp tcpwrapped open
5743149.126.72.220 10010 tcp tcpwrapped open
5744149.126.72.220 10011 tcp tcpwrapped open
5745149.126.72.220 10012 tcp tcpwrapped open
5746149.126.72.220 10013 tcp tcpwrapped open
6549149.126.72.220 25952 tcp tcpwrapped open
6550149.126.72.220 27571 tcp tcpwrapped open
6551149.126.72.220 28001 tcp tcpwrapped open
6552149.126.72.220 28080 tcp tcpwrapped open
6553149.126.72.220 28818 tcp tcpwrapped open
6554149.126.72.220 29798 tcp tcpwrapped open
6555149.126.72.220 29799 tcp tcpwrapped open
6556149.126.72.220 30000 tcp tcpwrapped open
6557149.126.72.220 30001 tcp tcpwrapped open
6558149.126.72.220 30003 tcp tcpwrapped open
6559149.126.72.220 30005 tcp tcpwrapped open
6560149.126.72.220 30007 tcp tcpwrapped open
6561149.126.72.220 30009 tcp tcpwrapped open
6562149.126.72.220 30011 tcp tcpwrapped open
6563149.126.72.220 30013 tcp tcpwrapped open
6564149.126.72.220 30015 tcp tcpwrapped open
6565149.126.72.220 30017 tcp tcpwrapped open
6566149.126.72.220 30019 tcp tcpwrapped open
6567149.126.72.220 30021 tcp tcpwrapped open
6568149.126.72.220 30050 tcp tcpwrapped open
6569149.126.72.220 30106 tcp tcpwrapped open
6570149.126.72.220 30110 tcp tcpwrapped open
6571149.126.72.220 30111 tcp tcpwrapped open
6572149.126.72.220 30112 tcp tcpwrapped open
6573149.126.72.220 30113 tcp tcpwrapped open
6574149.126.72.220 30120 tcp tcpwrapped open
6575149.126.72.220 30121 tcp tcpwrapped open
6576149.126.72.220 30122 tcp tcpwrapped open
6577149.126.72.220 30123 tcp tcpwrapped open
6578149.126.72.220 30452 tcp tcpwrapped open
6579149.126.72.220 30468 tcp tcpwrapped open
6580149.126.72.220 30473 tcp tcpwrapped open
6581149.126.72.220 30479 tcp tcpwrapped open
6582149.126.72.220 30501 tcp tcpwrapped open
6583149.126.72.220 30700 tcp tcpwrapped open
6584149.126.72.220 30701 tcp tcpwrapped open
6585149.126.72.220 30892 tcp tcpwrapped open
6586149.126.72.220 30894 tcp tcpwrapped open
6587149.126.72.220 31337 tcp tcpwrapped open
6588149.126.72.220 32101 tcp tcpwrapped open
6589149.126.72.220 32102 tcp tcpwrapped open
6590149.126.72.220 32202 tcp tcpwrapped open
6591149.126.72.220 32303 tcp tcpwrapped open
6592149.126.72.220 32443 tcp tcpwrapped open
6593149.126.72.220 32444 tcp tcpwrapped open
6594149.126.72.220 32746 tcp tcpwrapped open
6595149.126.72.220 32800 tcp tcpwrapped open
6596149.126.72.220 34225 tcp tcpwrapped open
6597149.126.72.220 34500 tcp tcpwrapped open
6598149.126.72.220 35522 tcp tcpwrapped open
6599149.126.72.220 35524 tcp tcpwrapped open
6600149.126.72.220 35531 tcp tcpwrapped open
6601149.126.72.220 35554 tcp tcpwrapped open
6602149.126.72.220 35559 tcp tcpwrapped open
6603149.126.72.220 35560 tcp tcpwrapped open
6604149.126.72.220 36982 tcp tcpwrapped open
6605149.126.72.220 36983 tcp tcpwrapped open
6606149.126.72.220 36984 tcp tcpwrapped open
6607149.126.72.220 37080 tcp tcpwrapped open
6608149.126.72.220 38880 tcp tcpwrapped open
6609149.126.72.220 39001 tcp tcpwrapped open
6610149.126.72.220 40070 tcp tcpwrapped open
6611149.126.72.220 40099 tcp tcpwrapped open
6612149.126.72.220 40892 tcp tcpwrapped open
6613149.126.72.220 40894 tcp tcpwrapped open
6614149.126.72.220 42208 tcp tcpwrapped open
6615149.126.72.220 42424 tcp tcpwrapped open
6616149.126.72.220 42901 tcp tcpwrapped open
6617149.126.72.220 43008 tcp tcpwrapped open
6618149.126.72.220 43009 tcp tcpwrapped open
6619149.126.72.220 43200 tcp tcpwrapped open
6620149.126.72.220 44100 tcp tcpwrapped open
6621149.126.72.220 44300 tcp tcpwrapped open
6622149.126.72.220 44301 tcp tcpwrapped open
6623149.126.72.220 44302 tcp tcpwrapped open
6624149.126.72.220 44303 tcp tcpwrapped open
6625149.126.72.220 44304 tcp tcpwrapped open
6626149.126.72.220 44305 tcp tcpwrapped open
6627149.126.72.220 44306 tcp tcpwrapped open
6628149.126.72.220 44307 tcp tcpwrapped open
6629149.126.72.220 44308 tcp tcpwrapped open
6630149.126.72.220 44309 tcp tcpwrapped open
6631149.126.72.220 44310 tcp tcpwrapped open
6632149.126.72.220 44320 tcp tcpwrapped open
6633149.126.72.220 44332 tcp tcpwrapped open
6634149.126.72.220 44333 tcp tcpwrapped open
6635149.126.72.220 44334 tcp tcpwrapped open
6636149.126.72.220 44336 tcp tcpwrapped open
6637149.126.72.220 44337 tcp tcpwrapped open
6638149.126.72.220 44340 tcp tcpwrapped open
6639149.126.72.220 44341 tcp tcpwrapped open
6640149.126.72.220 44345 tcp tcpwrapped open
6641149.126.72.220 44400 tcp tcpwrapped open
6642149.126.72.220 44410 tcp tcpwrapped open
6643149.126.72.220 44420 tcp tcpwrapped open
6644149.126.72.220 45000 tcp tcpwrapped open
6645149.126.72.220 45555 tcp tcpwrapped open
6646149.126.72.220 45666 tcp tcpwrapped open
6647149.126.72.220 45667 tcp tcpwrapped open
6648149.126.72.220 45668 tcp tcpwrapped open
6649149.126.72.220 45677 tcp tcpwrapped open
6650149.126.72.220 45777 tcp tcpwrapped open
6651149.126.72.220 45788 tcp tcpwrapped open
6652149.126.72.220 45821 tcp tcpwrapped open
6653149.126.72.220 45886 tcp tcpwrapped open
6654149.126.72.220 45888 tcp tcpwrapped open
6655149.126.72.220 46000 tcp tcpwrapped open
6656149.126.72.220 46443 tcp tcpwrapped open
6657149.126.72.220 46862 tcp tcpwrapped open
6658149.126.72.220 47000 tcp tcpwrapped open
6659149.126.72.220 47080 tcp tcpwrapped open
6660149.126.72.220 47534 tcp tcpwrapped open
6661149.126.72.220 48888 tcp tcpwrapped open
6662149.126.72.220 48889 tcp tcpwrapped open
6663149.126.72.220 49200 tcp tcpwrapped open
6664149.126.72.220 49210 tcp tcpwrapped open
6665149.126.72.220 49443 tcp tcpwrapped open
6666149.126.72.220 49682 tcp tcpwrapped open
6667149.126.72.220 49684 tcp tcpwrapped open
6668149.126.72.220 49686 tcp tcpwrapped open
6669149.126.72.220 49688 tcp tcpwrapped open
6670149.126.72.220 49690 tcp tcpwrapped open
6671149.126.72.220 49692 tcp tcpwrapped open
6672149.126.72.220 49694 tcp tcpwrapped open
6673149.126.72.220 50000 tcp tcpwrapped open
6674149.126.72.220 50001 tcp tcpwrapped open
6675149.126.72.220 50042 tcp tcpwrapped open
6676149.126.72.220 50050 tcp tcpwrapped open
6677149.126.72.220 50073 tcp tcpwrapped open
6678149.126.72.220 50085 tcp tcpwrapped open
6679149.126.72.220 50101 tcp tcpwrapped open
6680149.126.72.220 50102 tcp tcpwrapped open
6681149.126.72.220 50103 tcp tcpwrapped open
6682149.126.72.220 50104 tcp tcpwrapped open
6683149.126.72.220 50105 tcp tcpwrapped open
6684149.126.72.220 50106 tcp tcpwrapped open
6685149.126.72.220 50107 tcp tcpwrapped open
6686149.126.72.220 50112 tcp tcpwrapped open
6687149.126.72.220 50113 tcp tcpwrapped open
6688149.126.72.220 50122 tcp tcpwrapped open
6689149.126.72.220 50160 tcp tcpwrapped open
6690149.126.72.220 50443 tcp tcpwrapped open
6691149.126.72.220 51002 tcp tcpwrapped open
6692149.126.72.220 51003 tcp tcpwrapped open
6693149.126.72.220 51434 tcp tcpwrapped open
6694149.126.72.220 52010 tcp tcpwrapped open
6695149.126.72.220 52230 tcp tcpwrapped open
6696149.126.72.220 52311 tcp tcpwrapped open
6697149.126.72.220 52536 tcp tcpwrapped open
6698149.126.72.220 53480 tcp tcpwrapped open
6699149.126.72.220 53481 tcp tcpwrapped open
6700149.126.72.220 53482 tcp tcpwrapped open
6701149.126.72.220 53483 tcp tcpwrapped open
6702149.126.72.220 53484 tcp tcpwrapped open
6703149.126.72.220 53485 tcp tcpwrapped open
6704149.126.72.220 53490 tcp tcpwrapped open
6705149.126.72.220 53805 tcp tcpwrapped open
6706149.126.72.220 53806 tcp tcpwrapped open
6707149.126.72.220 54327 tcp tcpwrapped open
6708149.126.72.220 54490 tcp tcpwrapped open
6709149.126.72.220 54545 tcp tcpwrapped open
6710149.126.72.220 55055 tcp tcpwrapped open
6711149.126.72.220 55080 tcp tcpwrapped open
6712149.126.72.220 55081 tcp tcpwrapped open
6713149.126.72.220 55350 tcp tcpwrapped open
6714149.126.72.220 55388 tcp tcpwrapped open
6715149.126.72.220 55470 tcp tcpwrapped open
6716149.126.72.220 55475 tcp tcpwrapped open
6717149.126.72.220 55481 tcp tcpwrapped open
6718149.126.72.220 55490 tcp tcpwrapped open
6719149.126.72.220 57778 tcp tcpwrapped open
6720149.126.72.220 57779 tcp tcpwrapped open
6721149.126.72.220 57780 tcp tcpwrapped open
6722149.126.72.220 57781 tcp tcpwrapped open
6723149.126.72.220 57782 tcp tcpwrapped open
6724149.126.72.220 57783 tcp tcpwrapped open
6725149.126.72.220 57784 tcp tcpwrapped open
6726149.126.72.220 57785 tcp tcpwrapped open
6727149.126.72.220 57786 tcp tcpwrapped open
6728149.126.72.220 57787 tcp tcpwrapped open
6729149.126.72.220 57788 tcp tcpwrapped open
6730149.126.72.220 58443 tcp tcpwrapped open
6731149.126.72.220 58585 tcp tcpwrapped open
6732149.126.72.220 59012 tcp tcpwrapped open
6733149.126.72.220 59443 tcp tcpwrapped open
6734149.126.72.220 60021 tcp tcpwrapped open
6735149.126.72.220 60023 tcp tcpwrapped open
6736149.126.72.220 60443 tcp tcpwrapped open
6737149.126.72.220 62080 tcp tcpwrapped open
6738149.126.72.220 62237 tcp tcpwrapped open
6739149.126.72.220 62443 tcp tcpwrapped open
6740149.126.72.220 62865 tcp tcpwrapped open
6741149.126.72.220 63443 tcp tcpwrapped open
6742149.126.72.220 64477 tcp tcpwrapped open
6743149.126.72.220 64671 tcp tcpwrapped open
6744151.106.38.107 21 tcp ftp open 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\x0d\x0a220-You are user number 1 of 50 allowed.\x0d\x0a220-Local time is now 12:11. Server port: 21.\x0d\x0a220-This is a private system - No anonymous login\x0d\x0a220-IPv6 connections are also welcome on this server.\x0d\x0a220 You will be disconnected after 15 minutes of inactivity.\x0d\x0a
6745151.106.38.107 53 tcp domain open ISC BIND 9.11.4-P2 RedHat Enterprise Linux 7
6746151.106.38.107 53 udp domain open ISC BIND 9.11.4-P2 RedHat Enterprise Linux 7
6747151.106.38.107 67 tcp dhcps filtered
6748151.106.38.107 67 udp dhcps unknown
6749151.106.38.107 68 tcp dhcpc filtered
6750151.106.38.107 68 udp dhcpc unknown
6751151.106.38.107 69 tcp tftp filtered
6752151.106.38.107 69 udp tftp unknown
6753151.106.38.107 88 tcp kerberos-sec filtered
6754151.106.38.107 88 udp kerberos-sec unknown
6755151.106.38.107 123 tcp ntp filtered
6756151.106.38.107 123 udp ntp unknown
6757151.106.38.107 137 tcp netbios-ns filtered
6758151.106.38.107 137 udp netbios-ns unknown
6759151.106.38.107 138 tcp netbios-dgm filtered
6760151.106.38.107 138 udp netbios-dgm unknown
6761151.106.38.107 139 tcp netbios-ssn filtered
6762151.106.38.107 139 udp netbios-ssn unknown
6763151.106.38.107 161 tcp snmp filtered
6764151.106.38.107 161 udp snmp unknown
6765151.106.38.107 162 tcp snmptrap filtered
6766151.106.38.107 162 udp snmptrap unknown
6767151.106.38.107 389 tcp ldap filtered
6768151.106.38.107 389 udp ldap unknown
6769151.106.38.107 520 tcp efs filtered
6770151.106.38.107 520 udp route unknown
6771151.106.38.107 2049 tcp nfs filtered
6772151.106.38.107 2049 udp nfs unknown
6773158.69.13.254 22 tcp ssh open OpenSSH 7.4 protocol 2.0
6774158.69.13.254 25 tcp smtp open Exim smtpd 4.92.3
6775158.69.13.254 53 tcp domain open unknown banner: get lost
6776158.69.13.254 53 udp domain open unknown banner: get lost
6777158.69.13.254 67 tcp dhcps filtered
6778158.69.13.254 67 udp dhcps unknown
6779158.69.13.254 68 tcp dhcpc filtered
6780158.69.13.254 68 udp dhcpc unknown
6781158.69.13.254 69 tcp tftp filtered
6782158.69.13.254 69 udp tftp unknown
6783158.69.13.254 80 tcp http open nginx
6784158.69.13.254 88 tcp kerberos-sec filtered
6785158.69.13.254 88 udp kerberos-sec unknown
6786158.69.13.254 123 tcp ntp filtered
6787158.69.13.254 123 udp ntp unknown
6788158.69.13.254 137 tcp netbios-ns filtered
6789158.69.13.254 137 udp netbios-ns unknown
6790158.69.13.254 138 tcp netbios-dgm filtered
6791158.69.13.254 138 udp netbios-dgm unknown
6792158.69.13.254 139 tcp netbios-ssn filtered
6793158.69.13.254 139 udp netbios-ssn unknown
6794158.69.13.254 161 tcp snmp filtered
6795158.69.13.254 161 udp snmp unknown
6796158.69.13.254 162 tcp snmptrap filtered
6797158.69.13.254 162 udp snmptrap unknown
6798158.69.13.254 389 tcp ldap filtered
6799158.69.13.254 389 udp ldap unknown
6800158.69.13.254 443 tcp ssl/http open nginx
6801158.69.13.254 465 tcp ssl/smtp open Exim smtpd 4.92.3
6802158.69.13.254 520 tcp efs filtered
6803158.69.13.254 520 udp route unknown
6804158.69.13.254 587 tcp smtp open Exim smtpd 4.92.3
6805158.69.13.254 2049 tcp nfs filtered
6806158.69.13.254 2049 udp nfs unknown
6807158.69.13.254 2525 tcp smtp open Exim smtpd 4.92.3
6808158.69.13.254 3306 tcp mysql open MySQL blocked - too many connection errors
6809162.244.35.13 22 tcp ssh open SSH-2.0-OpenSSH_7.2 FreeBSD-20160310
6810162.244.35.13 25 tcp open
6811162.244.35.13 53 tcp domain open ISC BIND 9.10.6
6812162.244.35.13 53 udp domain open ISC BIND 9.10.6
6813162.244.35.13 67 tcp dhcps closed
6814162.244.35.13 67 udp dhcps closed
6815162.244.35.13 68 tcp dhcpc closed
6816162.244.35.13 68 udp dhcpc closed
6817162.244.35.13 69 tcp tftp closed
6818162.244.35.13 69 udp tftp closed
6819162.244.35.13 88 tcp kerberos-sec closed
6820162.244.35.13 88 udp kerberos-sec closed
6821162.244.35.13 123 tcp ntp closed
6822162.244.35.13 123 udp ntp closed
6823162.244.35.13 137 tcp netbios-ns filtered
6824162.244.35.13 137 udp netbios-ns unknown
6825162.244.35.13 138 tcp netbios-dgm filtered
6826162.244.35.13 138 udp netbios-dgm unknown
6827162.244.35.13 139 tcp netbios-ssn filtered
6828162.244.35.13 139 udp netbios-ssn unknown
6829162.244.35.13 161 tcp snmp closed
6830162.244.35.13 161 udp snmp closed
6831162.244.35.13 162 tcp snmptrap closed
6832162.244.35.13 162 udp snmptrap closed
6833162.244.35.13 389 tcp ldap closed
6834162.244.35.13 389 udp ldap closed
6835162.244.35.13 520 tcp efs closed
6836162.244.35.13 520 udp route closed
6837162.244.35.13 2049 tcp nfs closed
6838162.244.35.13 2049 udp nfs closed
6839163.247.48.46 53 tcp domain filtered
6840163.247.48.46 53 udp domain unknown
6841163.247.48.46 67 tcp dhcps filtered
6842163.247.48.46 67 udp dhcps unknown
6843163.247.48.46 68 tcp dhcpc filtered
6844163.247.48.46 68 udp dhcpc unknown
6845163.247.48.46 69 tcp tftp filtered
6846163.247.48.46 69 udp tftp unknown
6847163.247.48.46 88 tcp kerberos-sec filtered
6848163.247.48.46 88 udp kerberos-sec unknown
6849163.247.48.46 123 tcp ntp filtered
6850163.247.48.46 123 udp ntp unknown
6851163.247.48.46 137 tcp netbios-ns filtered
6852163.247.48.46 137 udp netbios-ns unknown
6853163.247.48.46 138 tcp netbios-dgm filtered
6854163.247.48.46 138 udp netbios-dgm unknown
6855163.247.48.46 139 tcp netbios-ssn filtered
6856163.247.48.46 139 udp netbios-ssn unknown
6857163.247.48.46 161 tcp snmp filtered
6858163.247.48.46 161 udp snmp unknown
6859163.247.48.46 162 tcp snmptrap filtered
6860163.247.48.46 162 udp snmptrap unknown
6861163.247.48.46 389 tcp ldap filtered
6862163.247.48.46 389 udp ldap unknown
6863163.247.48.46 520 tcp efs filtered
6864163.247.48.46 520 udp route unknown
6865163.247.48.46 2049 tcp nfs filtered
6866163.247.48.46 2049 udp nfs unknown
6867163.247.127.20 53 tcp domain filtered
6868163.247.127.20 53 udp domain unknown
6869163.247.127.20 67 tcp dhcps filtered
6870163.247.127.20 67 udp dhcps unknown
6871163.247.127.20 68 tcp dhcpc filtered
6872163.247.127.20 68 udp dhcpc unknown
6873163.247.127.20 69 tcp tftp filtered
6874163.247.127.20 69 udp tftp unknown
6875163.247.127.20 88 tcp kerberos-sec filtered
6876163.247.127.20 88 udp kerberos-sec unknown
6877163.247.127.20 123 tcp ntp filtered
6878163.247.127.20 123 udp ntp unknown
6879163.247.127.20 137 tcp netbios-ns filtered
6880163.247.127.20 137 udp netbios-ns unknown
6881163.247.127.20 138 tcp netbios-dgm filtered
6882163.247.127.20 138 udp netbios-dgm unknown
6883163.247.127.20 139 tcp netbios-ssn filtered
6884163.247.127.20 139 udp netbios-ssn unknown
6885163.247.127.20 161 tcp snmp filtered
6886163.247.127.20 161 udp snmp unknown
6887163.247.127.20 162 tcp snmptrap filtered
6888163.247.127.20 162 udp snmptrap unknown
6889163.247.127.20 389 tcp ldap filtered
6890163.247.127.20 389 udp ldap unknown
6891163.247.127.20 520 tcp efs filtered
6892163.247.127.20 520 udp route unknown
6893163.247.127.20 2049 tcp nfs filtered
6894163.247.127.20 2049 udp nfs unknown
6895163.247.130.114 53 tcp domain closed
6896163.247.130.114 53 udp domain unknown
6897163.247.130.114 67 tcp dhcps filtered
6898163.247.130.114 67 udp dhcps unknown
6899163.247.130.114 68 tcp dhcpc filtered
6900163.247.130.114 68 udp dhcpc unknown
6901163.247.130.114 69 tcp tftp filtered
6902163.247.130.114 69 udp tftp closed
6903163.247.130.114 88 tcp kerberos-sec filtered
6904163.247.130.114 88 udp kerberos-sec unknown
6905163.247.130.114 123 tcp ntp filtered
6906163.247.130.114 123 udp ntp unknown
6907163.247.130.114 137 tcp netbios-ns filtered
6908163.247.130.114 137 udp netbios-ns unknown
6909163.247.130.114 138 tcp netbios-dgm filtered
6910163.247.130.114 138 udp netbios-dgm unknown
6911163.247.130.114 139 tcp netbios-ssn filtered
6912163.247.130.114 139 udp netbios-ssn unknown
6913163.247.130.114 161 tcp snmp filtered
6914163.247.130.114 161 udp snmp open net-snmp; net-snmp SNMPv3 server
6915163.247.130.114 162 tcp snmptrap filtered
6916163.247.130.114 162 udp snmptrap unknown
6917163.247.130.114 389 tcp ldap filtered
6918163.247.130.114 389 udp ldap unknown
6919163.247.130.114 520 tcp efs filtered
6920163.247.130.114 520 udp route unknown
6921163.247.130.114 2049 tcp nfs filtered
6922163.247.130.114 2049 udp nfs unknown
6923165.22.143.229 53 tcp domain closed
6924165.22.143.229 53 udp domain unknown
6925165.22.143.229 67 tcp dhcps closed
6926165.22.143.229 67 udp dhcps unknown
6927165.22.143.229 68 tcp dhcpc closed
6928165.22.143.229 68 udp dhcpc unknown
6929165.22.143.229 69 tcp tftp closed
6930165.22.143.229 69 udp tftp closed
6931165.22.143.229 88 tcp kerberos-sec closed
6932165.22.143.229 88 udp kerberos-sec unknown
6933165.22.143.229 123 tcp ntp closed
6934165.22.143.229 123 udp ntp open NTP v4 secondary server
6935165.22.143.229 137 tcp netbios-ns closed
6936165.22.143.229 137 udp netbios-ns closed
6937165.22.143.229 138 tcp netbios-dgm closed
6938165.22.143.229 138 udp netbios-dgm closed
6939165.22.143.229 139 tcp netbios-ssn closed
6940165.22.143.229 139 udp netbios-ssn unknown
6941165.22.143.229 161 tcp snmp closed
6942165.22.143.229 161 udp snmp closed
6943165.22.143.229 162 tcp snmptrap closed
6944165.22.143.229 162 udp snmptrap unknown
6945165.22.143.229 389 tcp ldap closed
6946165.22.143.229 389 udp ldap closed
6947165.22.143.229 520 tcp efs closed
6948165.22.143.229 520 udp route closed
6949165.22.143.229 2049 tcp nfs closed
6950165.22.143.229 2049 udp nfs closed
6951169.239.218.20 25 tcp smtp closed
6952169.239.218.20 53 tcp domain filtered
6953169.239.218.20 53 udp domain unknown
6954169.239.218.20 67 tcp dhcps filtered
6955169.239.218.20 67 udp dhcps unknown
6956169.239.218.20 68 tcp dhcpc filtered
6957169.239.218.20 68 udp dhcpc unknown
6958169.239.218.20 69 tcp tftp filtered
6959169.239.218.20 69 udp tftp unknown
6960169.239.218.20 88 tcp kerberos-sec filtered
6961169.239.218.20 88 udp kerberos-sec unknown
6962169.239.218.20 113 tcp ident closed
6963169.239.218.20 123 tcp ntp filtered
6964169.239.218.20 123 udp ntp unknown
6965169.239.218.20 137 tcp netbios-ns filtered
6966169.239.218.20 137 udp netbios-ns filtered
6967169.239.218.20 138 tcp netbios-dgm filtered
6968169.239.218.20 138 udp netbios-dgm filtered
6969169.239.218.20 139 tcp netbios-ssn closed
6970169.239.218.20 139 udp netbios-ssn unknown
6971169.239.218.20 161 tcp snmp filtered
6972169.239.218.20 161 udp snmp unknown
6973169.239.218.20 162 tcp snmptrap filtered
6974169.239.218.20 162 udp snmptrap unknown
6975169.239.218.20 389 tcp ldap filtered
6976169.239.218.20 389 udp ldap unknown
6977169.239.218.20 445 tcp microsoft-ds closed
6978169.239.218.20 520 tcp efs filtered
6979169.239.218.20 520 udp route unknown
6980169.239.218.20 2049 tcp nfs filtered
6981169.239.218.20 2049 udp nfs unknown
6982169.239.218.20 8008 tcp tcpwrapped open
6983173.214.244.169 53 tcp domain filtered
6984173.214.244.169 53 udp domain unknown
6985173.214.244.169 67 tcp dhcps filtered
6986173.214.244.169 67 udp dhcps unknown
6987173.214.244.169 68 tcp dhcpc filtered
6988173.214.244.169 68 udp dhcpc unknown
6989173.214.244.169 69 tcp tftp filtered
6990173.214.244.169 69 udp tftp unknown
6991173.214.244.169 88 tcp kerberos-sec filtered
6992173.214.244.169 88 udp kerberos-sec unknown
6993173.214.244.169 123 tcp ntp filtered
6994173.214.244.169 123 udp ntp unknown
6995173.214.244.169 137 tcp netbios-ns filtered
6996173.214.244.169 137 udp netbios-ns unknown
6997173.214.244.169 138 tcp netbios-dgm filtered
6998173.214.244.169 138 udp netbios-dgm unknown
6999173.214.244.169 139 tcp netbios-ssn filtered
7000173.214.244.169 139 udp netbios-ssn unknown
7001173.214.244.169 161 tcp snmp filtered
7002173.214.244.169 161 udp snmp unknown
7003173.214.244.169 162 tcp snmptrap filtered
7004173.214.244.169 162 udp snmptrap unknown
7005173.214.244.169 389 tcp ldap filtered
7006173.214.244.169 389 udp ldap unknown
7007173.214.244.169 520 tcp efs filtered
7008173.214.244.169 520 udp route unknown
7009173.214.244.169 2049 tcp nfs filtered
7010173.214.244.169 2049 udp nfs unknown
7011174.142.53.51 21 tcp ftp open 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\x0d\x0a220-You are user number 1 of 50 allowed.\x0d\x0a220-Local time is now 13:59. Server port: 21.\x0d\x0a220-This is a private system - No anonymous login\x0d\x0a220-IPv6 connections are also welcome on this server.\x0d\x0a220 You will be disconnected after 15 minutes of inactivity.\x0d\x0a
7012174.142.53.51 22 tcp ssh open SSH-2.0-OpenSSH_7.4
7013174.142.53.51 25 tcp smtp closed
7014174.142.53.51 53 tcp domain open ISC BIND 9.11.4-P2 RedHat Enterprise Linux 7
7015174.142.53.51 53 udp domain open ISC BIND 9.11.4-P2 RedHat Enterprise Linux 7
7016174.142.53.51 67 tcp dhcps filtered
7017174.142.53.51 67 udp dhcps unknown
7018174.142.53.51 68 tcp dhcpc filtered
7019174.142.53.51 68 udp dhcpc unknown
7020174.142.53.51 69 tcp tftp filtered
7021174.142.53.51 69 udp tftp unknown
7022174.142.53.51 88 tcp kerberos-sec filtered
7023174.142.53.51 88 udp kerberos-sec unknown
7024174.142.53.51 123 tcp ntp filtered
7025174.142.53.51 123 udp ntp unknown
7026174.142.53.51 137 tcp netbios-ns filtered
7027174.142.53.51 137 udp netbios-ns filtered
7028174.142.53.51 138 tcp netbios-dgm filtered
7029174.142.53.51 138 udp netbios-dgm filtered
7030174.142.53.51 139 tcp netbios-ssn closed
7031174.142.53.51 139 udp netbios-ssn unknown
7032174.142.53.51 161 tcp snmp filtered
7033174.142.53.51 161 udp snmp unknown
7034174.142.53.51 162 tcp snmptrap filtered
7035174.142.53.51 162 udp snmptrap unknown
7036174.142.53.51 389 tcp ldap filtered
7037174.142.53.51 389 udp ldap unknown
7038174.142.53.51 445 tcp microsoft-ds closed
7039174.142.53.51 520 tcp efs filtered
7040174.142.53.51 520 udp route unknown
7041174.142.53.51 2049 tcp nfs filtered
7042174.142.53.51 2049 udp nfs unknown
7043186.64.118.40 21 tcp ftp open 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\x0d\x0a220-You are user number 1 of 100 allowed.\x0d\x0a220-Local time is now 13:39. Server port: 21.\x0d\x0a220-This is a private system - No anonymous login\x0d\x0a220-IPv6 connections are also welcome on this server.\x0d\x0a220 You will be disconnected after 10 minutes of inactivity.\x0d\x0a
7044186.64.118.40 53 tcp domain filtered
7045186.64.118.40 53 udp domain closed
7046186.64.118.40 67 tcp dhcps filtered
7047186.64.118.40 67 udp dhcps unknown
7048186.64.118.40 68 tcp dhcpc filtered
7049186.64.118.40 68 udp dhcpc unknown
7050186.64.118.40 69 tcp tftp filtered
7051186.64.118.40 69 udp tftp unknown
7052186.64.118.40 88 tcp kerberos-sec filtered
7053186.64.118.40 88 udp kerberos-sec unknown
7054186.64.118.40 123 tcp ntp filtered
7055186.64.118.40 123 udp ntp unknown
7056186.64.118.40 137 tcp netbios-ns filtered
7057186.64.118.40 137 udp netbios-ns unknown
7058186.64.118.40 138 tcp netbios-dgm filtered
7059186.64.118.40 138 udp netbios-dgm unknown
7060186.64.118.40 139 tcp netbios-ssn filtered
7061186.64.118.40 139 udp netbios-ssn unknown
7062186.64.118.40 161 tcp snmp filtered
7063186.64.118.40 161 udp snmp unknown
7064186.64.118.40 162 tcp snmptrap filtered
7065186.64.118.40 162 udp snmptrap unknown
7066186.64.118.40 389 tcp ldap filtered
7067186.64.118.40 389 udp ldap unknown
7068186.64.118.40 520 tcp efs filtered
7069186.64.118.40 520 udp route unknown
7070186.64.118.40 2049 tcp nfs closed
7071186.64.118.40 2049 udp nfs unknown
7072190.98.209.37 53 tcp domain filtered
7073190.98.209.37 53 udp domain unknown
7074190.98.209.37 67 tcp dhcps filtered
7075190.98.209.37 67 udp dhcps unknown
7076190.98.209.37 68 tcp dhcpc filtered
7077190.98.209.37 68 udp dhcpc unknown
7078190.98.209.37 69 tcp tftp filtered
7079190.98.209.37 69 udp tftp unknown
7080190.98.209.37 88 tcp kerberos-sec filtered
7081190.98.209.37 88 udp kerberos-sec unknown
7082190.98.209.37 123 tcp ntp filtered
7083190.98.209.37 123 udp ntp unknown
7084190.98.209.37 137 tcp netbios-ns filtered
7085190.98.209.37 137 udp netbios-ns unknown
7086190.98.209.37 138 tcp netbios-dgm filtered
7087190.98.209.37 138 udp netbios-dgm unknown
7088190.98.209.37 139 tcp netbios-ssn filtered
7089190.98.209.37 139 udp netbios-ssn unknown
7090190.98.209.37 161 tcp snmp filtered
7091190.98.209.37 161 udp snmp unknown
7092190.98.209.37 162 tcp snmptrap filtered
7093190.98.209.37 162 udp snmptrap unknown
7094190.98.209.37 389 tcp ldap filtered
7095190.98.209.37 389 udp ldap unknown
7096190.98.209.37 520 tcp efs filtered
7097190.98.209.37 520 udp route unknown
7098190.98.209.37 2049 tcp nfs filtered
7099190.98.209.37 2049 udp nfs unknown
7100190.107.177.35 53 tcp domain filtered ISC BIND 9.8.2rc1 RedHat Enterprise Linux 6
7101190.107.177.35 53 udp domain unknown ISC BIND 9.8.2rc1 RedHat Enterprise Linux 6
7102190.107.177.35 67 tcp dhcps filtered
7103190.107.177.35 67 udp dhcps unknown
7104190.107.177.35 68 tcp dhcpc filtered
7105190.107.177.35 68 udp dhcpc unknown
7106190.107.177.35 69 tcp tftp filtered
7107190.107.177.35 69 udp tftp unknown
7108190.107.177.35 88 tcp kerberos-sec filtered
7109190.107.177.35 88 udp kerberos-sec unknown
7110190.107.177.35 123 tcp ntp filtered
7111190.107.177.35 123 udp ntp unknown
7112190.107.177.35 137 tcp netbios-ns filtered
7113190.107.177.35 137 udp netbios-ns unknown
7114190.107.177.35 138 tcp netbios-dgm filtered
7115190.107.177.35 138 udp netbios-dgm unknown
7116190.107.177.35 139 tcp netbios-ssn filtered
7117190.107.177.35 139 udp netbios-ssn unknown
7118190.107.177.35 161 tcp snmp filtered
7119190.107.177.35 161 udp snmp unknown
7120190.107.177.35 162 tcp snmptrap filtered
7121190.107.177.35 162 udp snmptrap unknown
7122190.107.177.35 389 tcp ldap filtered
7123190.107.177.35 389 udp ldap unknown
7124190.107.177.35 520 tcp efs filtered
7125190.107.177.35 520 udp route unknown
7126190.107.177.35 2049 tcp nfs filtered
7127190.107.177.35 2049 udp nfs unknown
7128190.110.121.175 53 tcp domain filtered
7129190.110.121.175 53 udp domain unknown
7130190.110.121.175 67 tcp dhcps filtered
7131190.110.121.175 67 udp dhcps unknown
7132190.110.121.175 68 tcp dhcpc filtered
7133190.110.121.175 68 udp dhcpc unknown
7134190.110.121.175 69 tcp tftp filtered
7135190.110.121.175 69 udp tftp unknown
7136190.110.121.175 88 tcp kerberos-sec filtered
7137190.110.121.175 88 udp kerberos-sec unknown
7138190.110.121.175 123 tcp ntp filtered
7139190.110.121.175 123 udp ntp unknown
7140190.110.121.175 137 tcp netbios-ns filtered
7141190.110.121.175 137 udp netbios-ns unknown
7142190.110.121.175 138 tcp netbios-dgm filtered
7143190.110.121.175 138 udp netbios-dgm unknown
7144190.110.121.175 139 tcp netbios-ssn filtered
7145190.110.121.175 139 udp netbios-ssn unknown
7146190.110.121.175 161 tcp snmp filtered
7147190.110.121.175 161 udp snmp unknown
7148190.110.121.175 162 tcp snmptrap filtered
7149190.110.121.175 162 udp snmptrap unknown
7150190.110.121.175 389 tcp ldap filtered
7151190.110.121.175 389 udp ldap unknown
7152190.110.121.175 520 tcp efs filtered
7153190.110.121.175 520 udp route unknown
7154190.110.121.175 2049 tcp nfs filtered
7155190.110.121.175 2049 udp nfs unknown
7156190.153.209.187 53 tcp domain filtered
7157190.153.209.187 53 udp domain unknown
7158190.153.209.187 67 tcp dhcps filtered
7159190.153.209.187 67 udp dhcps unknown
7160190.153.209.187 68 tcp dhcpc filtered
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-12 08:39 EDT
Nmap scan report for ip-107-180-28-114.ip.secureserver.net (107.180.28.114)
Host is up (0.28s latency).
Not shown: 975 filtered ports
PORT STATE SERVICE VERSION
20/tcp closed ftp-data
21/tcp open ftp Pure-FTPd
| vulscan: VulDB - https://vuldb.com:
| [102925] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface pureftpd.passwd HTTP Request privilege escalation
| [57510] Pureftpd Pure-FTPd up to 0.x Memory Consumption denial of service
| [57504] Pureftpd Pure-FTPd up to 0.x ftp_parser.c Cleartext unknown vulnerability
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2004-0656] The accept_client function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [10664] PureFTPd Accept_Client Remote Denial of Service Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| No findings
|
| Exploit-DB - https://www.exploit-db.com:
| No findings
|
| OpenVAS (Nessus) - http://www.openvas.org:
| No findings
|
| SecurityTracker - https://www.securitytracker.com:
| [1010701] PureFTPd Logic Bug in accept_client() Lets Remote Users Crash the FTP Daemon
| [1008135] (Claim is Retracted) PureFTPd Buffer Overflow in displayrate() Lets Remote Users Crash the Service
| [1002993] PurePostPro Script Add-on for PureFTPd and MySQL Allows Remote Users to Execute SQL Commands on the Server
| [1001126] PureFTPd May Allow Remote Users to Deny Service on the Server
|
| OSVDB - http://www.osvdb.org:
| No findings
|_
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
| vulscan: VulDB - https://vuldb.com:
| [80267] OpenSSH up to 5.x/6.x/7.1p1 Forward Option roaming_common.c roaming_read/roaming_write memory corruption
| [80266] OpenSSH up to 5.x/6.x/7.1p1 roaming_common.c resend_bytes information disclosure
| [4584] OpenSSH up to 5.7 auth-options.c information disclosure
| [4282] OpenSSH 5.6/5.7 Legacy Certificate memory corruption
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2006-0883] OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.
| [CVE-2012-0814] The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.
| [CVE-2011-5000] The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
| [CVE-2011-0539] The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
| [CVE-2010-4755] The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
| [CVE-2010-4478] OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
| [CVE-2009-2904] A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
| [CVE-2008-3844] Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.
| [CVE-2008-3259] OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
7872| [75990] OpenSSH Login Handling Security Bypass Weakness
7873| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
7874| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
7875| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
7876| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
7877| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
7878| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
7879| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
7880| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
7881| [61286] OpenSSH Remote Denial of Service Vulnerability
7882| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
7883| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
7884| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
7885| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
7886| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
7887| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
7888| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
7889| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
7890| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
7891| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
7892| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
7893| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
7894| [30794] Red Hat OpenSSH Backdoor Vulnerability
7895| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
7896| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
7897| [28531] OpenSSH ForceCommand Command Execution Weakness
7898| [28444] OpenSSH X Connections Session Hijacking Vulnerability
7899| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
7900| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
7901| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
7902| [20956] OpenSSH Privilege Separation Key Signature Weakness
7903| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
7904| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
7905| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
7906| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
7907| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
7908| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
7909| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
7910| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
7911| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
7912| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
7913| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
7914| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
7915| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
7916| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
7917| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
7918| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
7919| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
7920| [6168] OpenSSH Visible Password Vulnerability
7921| [5374] OpenSSH Trojan Horse Vulnerability
7922| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
7923| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
7924| [4241] OpenSSH Channel Code Off-By-One Vulnerability
7925| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
7926| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
7927| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
7928| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
7929| [2917] OpenSSH PAM Session Evasion Vulnerability
7930| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
7931| [2356] OpenSSH Private Key Authentication Check Vulnerability
7932| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
7933| [1334] OpenSSH UseLogin Vulnerability
7934|
7935| IBM X-Force - https://exchange.xforce.ibmcloud.com:
7936| [83258] GSI-OpenSSH auth-pam.c security bypass
7937| [82781] OpenSSH time limit denial of service
7938| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
7939| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
7940| [72756] Debian openssh-server commands information disclosure
7941| [68339] OpenSSH pam_thread buffer overflow
7942| [67264] OpenSSH ssh-keysign unauthorized access
7943| [65910] OpenSSH remote_glob function denial of service
7944| [65163] OpenSSH certificate information disclosure
7945| [64387] OpenSSH J-PAKE security bypass
7946| [63337] Cisco Unified Videoconferencing OpenSSH weak security
7947| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
7948| [45202] OpenSSH signal handler denial of service
7949| [44747] RHEL OpenSSH backdoor
7950| [44280] OpenSSH PermitRootLogin information disclosure
7951| [44279] OpenSSH sshd weak security
7952| [44037] OpenSSH sshd SELinux role unauthorized access
7953| [43940] OpenSSH X11 forwarding information disclosure
7954| [41549] OpenSSH ForceCommand directive security bypass
7955| [41438] OpenSSH sshd session hijacking
7956| [40897] OpenSSH known_hosts weak security
7957| [40587] OpenSSH username weak security
7958| [37371] OpenSSH username data manipulation
7959| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
7960| [37112] RHSA update for OpenSSH signal handler race condition not installed
7961| [37107] RHSA update for OpenSSH identical block denial of service not installed
7962| [36637] OpenSSH X11 cookie privilege escalation
7963| [35167] OpenSSH packet.c newkeys[mode] denial of service
7964| [34490] OpenSSH OPIE information disclosure
7965| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
7966| [32975] Apple Mac OS X OpenSSH denial of service
7967| [32387] RHSA-2006:0738 updates for openssh not installed
7968| [32359] RHSA-2006:0697 updates for openssh not installed
7969| [32230] RHSA-2006:0298 updates for openssh not installed
7970| [32132] RHSA-2006:0044 updates for openssh not installed
7971| [30120] OpenSSH privilege separation monitor authentication verification weakness
7972| [29255] OpenSSH GSSAPI user enumeration
7973| [29254] OpenSSH signal handler race condition
7974| [29158] OpenSSH identical block denial of service
7975| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
7976| [25116] OpenSSH OpenPAM denial of service
7977| [24305] OpenSSH SCP shell expansion command execution
7978| [22665] RHSA-2005:106 updates for openssh not installed
7979| [22117] OpenSSH GSSAPI allows elevated privileges
7980| [22115] OpenSSH GatewayPorts security bypass
7981| [20930] OpenSSH sshd.c LoginGraceTime denial of service
7982| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
7983| [17213] OpenSSH allows port bouncing attacks
7984| [16323] OpenSSH scp file overwrite
7985| [13797] OpenSSH PAM information leak
7986| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
7987| [13264] OpenSSH PAM code could allow an attacker to gain access
7988| [13215] OpenSSH buffer management errors could allow an attacker to execute code
7989| [13214] OpenSSH memory vulnerabilities
7990| [13191] OpenSSH large packet buffer overflow
7991| [12196] OpenSSH could allow an attacker to bypass login restrictions
7992| [11970] OpenSSH could allow an attacker to obtain valid administrative account
7993| [11902] OpenSSH PAM support enabled information leak
7994| [9803] OpenSSH "
7995| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
7996| [9307] OpenSSH is running on the system
7997| [9169] OpenSSH "
7998| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
7999| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
8000| [8383] OpenSSH off-by-one error in channel code
8001| [7647] OpenSSH UseLogin option arbitrary code execution
8002| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
8003| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
8004| [7179] OpenSSH source IP access control bypass
8005| [6757] OpenSSH "
8006| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
8007| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
8008| [5517] OpenSSH allows unauthorized access to resources
8009| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
8010|
8011| Exploit-DB - https://www.exploit-db.com:
8012| [21579] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2)
8013| [21578] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1)
8014| [21402] OpenSSH 2.x/3.x Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
8015| [21314] OpenSSH 2.x/3.0.1/3.0.2 Channel Code Off-By-One Vulnerability
8016| [20253] OpenSSH 1.2 scp File Create/Overwrite Vulnerability
8017| [17462] FreeBSD OpenSSH 3.5p1 - Remote Root Exploit
8018| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
8019| [6094] Debian OpenSSH Remote SELinux Privilege Elevation Exploit (auth)
8020| [3303] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
8021| [2444] OpenSSH <= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit
8022| [1572] Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service
8023| [258] glibc-2.2 and openssh-2.3.0p1 exploits glibc => 2.1.9x
8024| [26] OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
8025| [25] OpenSSH/PAM <= 3.6.1p1 Remote Users Discovery Tool
8026|
8027| OpenVAS (Nessus) - http://www.openvas.org:
8028| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
8029| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
8030| [881183] CentOS Update for openssh CESA-2012:0884 centos6
8031| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
8032| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
8033| [870763] RedHat Update for openssh RHSA-2012:0884-04
8034| [870129] RedHat Update for openssh RHSA-2008:0855-01
8035| [861813] Fedora Update for openssh FEDORA-2010-5429
8036| [861319] Fedora Update for openssh FEDORA-2007-395
8037| [861170] Fedora Update for openssh FEDORA-2007-394
8038| [861012] Fedora Update for openssh FEDORA-2007-715
8039| [840345] Ubuntu Update for openssh vulnerability USN-597-1
8040| [840300] Ubuntu Update for openssh update USN-612-5
8041| [840271] Ubuntu Update for openssh vulnerability USN-612-2
8042| [840268] Ubuntu Update for openssh update USN-612-7
8043| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
8044| [840214] Ubuntu Update for openssh vulnerability USN-566-1
8045| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
8046| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
8047| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
8048| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
8049| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
8050| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
8051| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
8052| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
8053| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
8054| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
8055| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
8056| [100584] OpenSSH X Connections Session Hijacking Vulnerability
8057| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
8058| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
8059| [65987] SLES10: Security update for OpenSSH
8060| [65819] SLES10: Security update for OpenSSH
8061| [65514] SLES9: Security update for OpenSSH
8062| [65513] SLES9: Security update for OpenSSH
8063| [65334] SLES9: Security update for OpenSSH
8064| [65248] SLES9: Security update for OpenSSH
8065| [65218] SLES9: Security update for OpenSSH
8066| [65169] SLES9: Security update for openssh,openssh-askpass
8067| [65126] SLES9: Security update for OpenSSH
8068| [65019] SLES9: Security update for OpenSSH
8069| [65015] SLES9: Security update for OpenSSH
8070| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
8071| [61639] Debian Security Advisory DSA 1638-1 (openssh)
8072| [61030] Debian Security Advisory DSA 1576-2 (openssh)
8073| [61029] Debian Security Advisory DSA 1576-1 (openssh)
8074| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
8075| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
8076| [60667] Slackware Advisory SSA:2008-095-01 openssh
8077| [59014] Slackware Advisory SSA:2007-255-01 openssh
8078| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
8079| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
8080| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
8081| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
8082| [57492] Slackware Advisory SSA:2006-272-02 openssh
8083| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
8084| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
8085| [57470] FreeBSD Ports: openssh
8086| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
8087| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
8088| [56294] Slackware Advisory SSA:2006-045-06 openssh
8089| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages
8090| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory
8091| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again
8092| [53788] Debian Security Advisory DSA 025-1 (openssh)
8093| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
8094| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
8095| [11343] OpenSSH Client Unauthorized Remote Forwarding
8096| [10954] OpenSSH AFS/Kerberos ticket/token passing
8097| [10883] OpenSSH Channel Code Off by 1
8098| [10823] OpenSSH UseLogin Environment Variables
8099|
8100| SecurityTracker - https://www.securitytracker.com:
8101| [1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
8102| [1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information
8103| [1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code
8104| [1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges
8105| [1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
8106| [1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges
8107| [1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases
8108| [1020891] OpenSSH on Debian Lets Remote Users Prevent Logins
8109| [1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised
8110| [1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
8111| [1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands
8112| [1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases
8113| [1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service
8114| [1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
8115| [1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution
8116| [1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames
8117| [1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
8118| [1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service
8119| [1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service
8120| [1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases
8121| [1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases
8122| [1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases
8123| [1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services
8124| [1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
8125| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
8126| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
8127| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
8128| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
8129| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
8130| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
8131| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
8132| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
8133| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
8134| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
8135| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
8136| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
8137| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
8138| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
8139|
8140| OSVDB - http://www.osvdb.org:
8141| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
8142| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
8143| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
8144| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
8145| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
8146| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
8147| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
8148| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
8149| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
8150| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
8151| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
8152| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
8153| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
8154| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
8155| [56921] OpenSSH Unspecified Remote Compromise
8156| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
8157| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
8158| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
8159| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
8160| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
8161| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
8162| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
8163| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
8164| [43745] OpenSSH X11 Forwarding Local Session Hijacking
8165| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
8166| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
8167| [37315] pam_usb OpenSSH Authentication Unspecified Issue
8168| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
8169| [34601] OPIE w/ OpenSSH Account Enumeration
8170| [34600] OpenSSH S/KEY Authentication Account Enumeration
8171| [32721] OpenSSH Username Password Complexity Account Enumeration
8172| [30232] OpenSSH Privilege Separation Monitor Weakness
8173| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
8174| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
8175| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
8176| [29152] OpenSSH Identical Block Packet DoS
8177| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
8178| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
8179| [22692] OpenSSH scp Command Line Filename Processing Command Injection
8180| [20216] OpenSSH with KerberosV Remote Authentication Bypass
8181| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
8182| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
8183| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
8184| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
8185| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
8186| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
8187| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
8188| [6601] OpenSSH *realloc() Unspecified Memory Errors
8189| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
8190| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
8191| [6072] OpenSSH PAM Conversation Function Stack Modification
8192| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
8193| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
8194| [5408] OpenSSH echo simulation Information Disclosure
8195| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
8196| [4536] OpenSSH Portable AIX linker Privilege Escalation
8197| [3938] OpenSSL and OpenSSH /dev/random Check Failure
8198| [3456] OpenSSH buffer_append_space() Heap Corruption
8199| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
8200| [2140] OpenSSH w/ PAM Username Validity Timing Attack
8201| [2112] OpenSSH Reverse DNS Lookup Bypass
8202| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
8203| [1853] OpenSSH Symbolic Link 'cookies' File Removal
8204| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
8205| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
8206| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
8207| [688] OpenSSH UseLogin Environment Variable Local Command Execution
8208| [642] OpenSSH Multiple Key Type ACL Bypass
8209| [504] OpenSSH SSHv2 Public Key Authentication Bypass
8210| [341] OpenSSH UseLogin Local Privilege Escalation
8211|_
25/tcp open smtp?
26/tcp closed rsftp
80/tcp open http Apache httpd
8215|_http-server-header: Apache
8216| vulscan: VulDB - https://vuldb.com:
8217| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
8218| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
8219| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
8220| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
8221| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
8222| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
8223| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
8224| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
8225| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
8226| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
8227| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
8228| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
8229| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
8230| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
8231| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
8232| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
8233| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
8234| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
8235| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
8236| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
8237| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
8238| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
8239| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
8240| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
8241| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
8242| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
8243| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
8244| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
8245| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
8246| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
8247| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
8248| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
8249| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
8250| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
8251| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
8252| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
8253| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
8254| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
8255| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
8256| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
8257| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
8258| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
8259| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
8260| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
8261| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
8262| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
8263| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
8264| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
8265| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
8266| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
8267| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
8268| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
8269| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
8270| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
8271| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
8272| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
8273| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
8274| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
8275| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
8276| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
8277| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
8278| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
8279| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
8280| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
8281| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
8282| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
8283| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
8284| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
8285| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
8286| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
8287| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
8288| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
8289| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
8290| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
8291| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
8292| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
8293| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
8294| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
8295| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
8296| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
8297| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
8298| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
8299| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
8300| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
8301| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
8302| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
8303| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
8304| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
8305| [136370] Apache Fineract up to 1.2.x sql injection
8306| [136369] Apache Fineract up to 1.2.x sql injection
8307| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
8308| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
8309| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
8310| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
8311| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
8312| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
8313| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
8314| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
8315| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
8316| [134416] Apache Sanselan 0.97-incubator Loop denial of service
8317| [134415] Apache Sanselan 0.97-incubator Hang denial of service
8318| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
8319| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
8320| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
8321| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
8322| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
8323| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
8324| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
8325| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
8326| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
8327| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
8328| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
8329| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
8330| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
8331| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
8332| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
8333| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
8334| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
8335| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
8336| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
8337| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
8338| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
8339| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
8340| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
8341| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
8342| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
8343| [131859] Apache Hadoop up to 2.9.1 privilege escalation
8344| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
8345| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
8346| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
8347| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
8348| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
8349| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
8350| [130629] Apache Guacamole Cookie Flag weak encryption
8351| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
8352| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
8353| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
8354| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
8355| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
8356| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
8357| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
8358| [130123] Apache Airflow up to 1.8.2 information disclosure
8359| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
8360| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
8361| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
8362| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
8363| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
8364| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
8365| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
8366| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
8367| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
8368| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
8369| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
8370| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
8371| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
8372| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
8373| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
8374| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
8375| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
8376| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
8377| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
8378| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
8379| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
8380| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
8381| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
8382| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
8383| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
8384| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
8385| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
8386| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
8387| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
8388| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
8389| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
8390| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
8391| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
8392| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
8393| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
8394| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
8395| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
8396| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
8397| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
8398| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
8399| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
8400| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
8401| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
8402| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
8403| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
8404| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
8405| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
8406| [127007] Apache Spark Request Code Execution
8407| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
8408| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
8409| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
8410| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
8411| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
8412| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
8413| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
8414| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
8415| [126346] Apache Tomcat Path privilege escalation
8416| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
8417| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
8418| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
8419| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
8420| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
8421| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
8422| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
8423| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
8424| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
8425| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
8426| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
8427| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
8428| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
8429| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
8430| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
8431| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
8432| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
8433| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
8434| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
8435| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
8436| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
8437| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
8438| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
8439| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
8440| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
8441| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
8442| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
8443| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
8444| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
8445| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
8446| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
8447| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
8448| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
8449| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
8450| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
8451| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
8452| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
8453| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
8454| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
8455| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
8456| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
8457| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
8458| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
8459| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
8460| [123197] Apache Sentry up to 2.0.0 privilege escalation
8461| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
8462| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
8463| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
8464| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
8465| [122800] Apache Spark 1.3.0 REST API weak authentication
8466| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
8467| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
8468| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
8469| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
8470| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
8471| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
8472| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
8473| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
8474| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
8475| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
8476| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
8477| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
8478| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
8479| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
8480| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
8481| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
8482| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
8483| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
8484| [121354] Apache CouchDB HTTP API Code Execution
8485| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
8486| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
8487| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
8488| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
8489| [120168] Apache CXF weak authentication
8490| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
8491| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
8492| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
8493| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
8494| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
8495| [119306] Apache MXNet Network Interface privilege escalation
8496| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
8497| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
8498| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
8499| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
8500| [118143] Apache NiFi activemq-client Library Deserialization denial of service
8501| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
8502| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
8503| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
8504| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
8505| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
8506| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
8507| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
8508| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
8509| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
8510| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
8511| [117115] Apache Tika up to 1.17 tika-server command injection
8512| [116929] Apache Fineract getReportType Parameter privilege escalation
8513| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
8514| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
8515| [116926] Apache Fineract REST Parameter privilege escalation
8516| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
8517| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
8518| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
8519| [115883] Apache Hive up to 2.3.2 privilege escalation
8520| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
8521| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
8522| [115518] Apache Ignite 2.3 Deserialization privilege escalation
8523| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
8524| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
8525| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
8526| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
8527| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
8528| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
8529| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
8530| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
8531| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
8532| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
8533| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
8534| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
8535| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
8536| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
8537| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
8538| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
8539| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
8540| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
8541| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
8542| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
8543| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
8544| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
8545| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
8546| [113895] Apache Geode up to 1.3.x Code Execution
8547| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
8548| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
8549| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
8550| [113747] Apache Tomcat Servlets privilege escalation
8551| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
8552| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
8553| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
8554| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
8555| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
8556| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
8557| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
8558| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
8559| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
8560| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
8561| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
8562| [112885] Apache Allura up to 1.8.0 File information disclosure
8563| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
8564| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
8565| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
8566| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
8567| [112625] Apache POI up to 3.16 Loop denial of service
8568| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
8569| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
8570| [112339] Apache NiFi 1.5.0 Header privilege escalation
8571| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
8572| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
8573| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
8574| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
8575| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
8576| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
8577| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
8578| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
8579| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
8580| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
8581| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
8582| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
8583| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
8584| [112114] Oracle 9.1 Apache Log4j privilege escalation
8585| [112113] Oracle 9.1 Apache Log4j privilege escalation
8586| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
8587| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
8588| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
8589| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
8590| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
8591| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
8592| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
8593| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
8594| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
8595| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
8596| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
8597| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
8598| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
8599| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
8600| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
8601| [110701] Apache Fineract Query Parameter sql injection
8602| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
8603| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
8604| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
8605| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
8606| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
8607| [110106] Apache CXF Fediz Spring cross site request forgery
8608| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
8609| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
8610| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
8611| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
9030| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
9031| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
9032| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
9033| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
9034| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
9035| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
9036| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
9037| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
9038| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
9039| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
9040| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
9041| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
9042| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
9043| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
9404| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
9405| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
9406| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
9407| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
9408| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
9409| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
9410| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
9411| [54693] Apache Traffic Server DNS Cache unknown vulnerability
9412| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
9413| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
9414| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
9415| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
9416| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
9417| [54012] Apache Tomcat up to 6.0.10 denial of service
9418| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
9419| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
9420| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
9421| [52894] Apache Tomcat up to 6.0.7 information disclosure
9422| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
9423| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
9424| [52786] Apache Open For Business Project up to 09.04 cross site scripting
9425| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
9426| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
9427| [52584] Apache CouchDB up to 0.10.1 information disclosure
9428| [51757] Apache HTTP Server 2.0.44 cross site scripting
9429| [51756] Apache HTTP Server 2.0.44 spoofing
9430| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
9431| [51690] Apache Tomcat up to 6.0 directory traversal
9432| [51689] Apache Tomcat up to 6.0 information disclosure
9433| [51688] Apache Tomcat up to 6.0 directory traversal
9434| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
9435| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
9436| [50626] Apache Solr 1.0.0 cross site scripting
9437| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
9438| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
9439| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
9440| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
9441| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
9442| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
9443| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
9444| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
9445| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
9446| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
9447| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
9448| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
9449| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
9450| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
9451| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
9452| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
9453| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
9454| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
9455| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
9456| [47214] Apachefriends xampp 1.6.8 spoofing
9457| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
9458| [47162] Apachefriends XAMPP 1.4.4 weak authentication
9459| [47065] Apache Tomcat 4.1.23 cross site scripting
9460| [46834] Apache Tomcat up to 5.5.20 cross site scripting
9461| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
9462| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
9463| [86625] Apache Struts directory traversal
9464| [44461] Apache Tomcat up to 5.5.0 information disclosure
9465| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
9466| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
9467| [43663] Apache Tomcat up to 6.0.16 directory traversal
9468| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
9469| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
9470| [43516] Apache Tomcat up to 4.1.20 directory traversal
9471| [43509] Apache Tomcat up to 6.0.13 cross site scripting
9472| [42637] Apache Tomcat up to 6.0.16 cross site scripting
9473| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
9474| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
9475| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
9476| [40924] Apache Tomcat up to 6.0.15 information disclosure
9477| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
9478| [40922] Apache Tomcat up to 6.0 information disclosure
9479| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
9480| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
9481| [40656] Apache Tomcat 5.5.20 information disclosure
9482| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
9483| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
9484| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
9485| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
9486| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
9487| [40234] Apache Tomcat up to 6.0.15 directory traversal
9488| [40221] Apache HTTP Server 2.2.6 information disclosure
9489| [40027] David Castro Apache Authcas 0.4 sql injection
9490| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
9491| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
9492| [3414] Apache Tomcat WebDAV Stored privilege escalation
9493| [39489] Apache Jakarta Slide up to 2.1 directory traversal
9494| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
9495| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
9496| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
9497| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
9498| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
9499| [38524] Apache Geronimo 2.0 unknown vulnerability
9500| [3256] Apache Tomcat up to 6.0.13 cross site scripting
9501| [38331] Apache Tomcat 4.1.24 information disclosure
9502| [38330] Apache Tomcat 4.1.24 information disclosure
9503| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
9504| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
9505| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
9506| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
9507| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
9508| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
9509| [37292] Apache Tomcat up to 5.5.1 cross site scripting
9510| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
9511| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
9512| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
9513| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
9514| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
9515| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
9516| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
9517| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
9518| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
9519| [36225] XAMPP Apache Distribution 1.6.0a sql injection
9520| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
9521| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
9522| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
9523| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
9524| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
9525| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
9526| [34252] Apache HTTP Server denial of service
9527| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
9528| [33877] Apache Opentaps 0.9.3 cross site scripting
9529| [33876] Apache Open For Business Project unknown vulnerability
9530| [33875] Apache Open For Business Project cross site scripting
9531| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
9532| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
9533|
9534| MITRE CVE - https://cve.mitre.org:
9535| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
9536| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
9537| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
9538| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
9539| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
9540| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
9541| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
9542| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
9543| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
9544| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
9545| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
9546| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
9547| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
9548| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
9549| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
9550| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
9551| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
9552| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
9553| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
9554| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
9555| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
9556| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
9557| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
9558| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
9559| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
9560| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
9561| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
9562| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
9563| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
9564| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
9565| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9566| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
9567| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
9568| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
9569| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
9570| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
9571| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
9572| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
9573| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
9574| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
9575| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
9576| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9577| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9578| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9579| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9580| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
9581| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
9582| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
9583| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
9584| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
9585| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
9586| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
9587| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
9588| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
9589| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
9590| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
9591| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
9592| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
9593| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
9594| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
9595| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
9596| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
9597| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
9598| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
9599| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9600| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
9601| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
9602| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
9603| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
9604| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
9605| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
9606| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
9607| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
9608| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
9609| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
9610| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
9611| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
9612| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
9613| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
9614| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
9615| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
9616| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
9617| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
9618| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
9619| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
9620| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
9621| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
9622| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
9623| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
9624| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
9625| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
9626| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
9627| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
9628| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
9629| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
9630| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
9631| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
9632| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
9633| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
9634| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
9635| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
9636| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
9637| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
9638| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
9639| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
9640| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
9641| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
9642| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
9643| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
9644| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
9645| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
9646| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
9647| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
9648| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
9649| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
9650| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
9651| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
9652| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
9653| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
9654| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
9655| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
9656| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
9657| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
9658| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
9659| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
9660| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
9661| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
9662| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
9663| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
9664| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
9665| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
9666| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
9667| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
9668| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
9669| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
9670| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
9671| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
9672| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
9673| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
9674| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
9675| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
9676| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
9677| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
9678| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
9679| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
9680| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
9681| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
9682| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
9683| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
9684| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
9685| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
9686| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
9687| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
9688| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
9689| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
9690| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
9691| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
9692| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
9693| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
9694| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
9695| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
9696| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
9697| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
9698| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9699| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
9700| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
9701| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
9702| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
9805| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
9806| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
9807| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
9808| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
9809| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
9810| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
9811| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
9812| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
9813| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
9814| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
9815| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
9816| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
9817| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
9818| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
9819| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
9820| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
9821| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
9822| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
9823| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
9824| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
9825| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
9826| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
9827| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
9828| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
9829| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
9830| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
9831| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
9832| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
9833| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
9834| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
9835| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
9836| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
9837| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
9838| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
9839| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
9840| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9841| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
9842| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
9843| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
9844| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
9845| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
9846| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
9847| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
9848| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
9849| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
9850| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
9851| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
9852| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
9853| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
9854| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9855| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
9856| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
9857| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
9858| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
9859| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
9860| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
9861| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
9862| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
9863| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
9864| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
9865| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
9866| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
9867| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
9868| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
9869| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
9870| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
9871| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
9872| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
9873| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
9874| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
9875| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
9876| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
9877| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
9878| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
9879| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
9880| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
9881| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
9882| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
9883| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
9884| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
9885| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
9886| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
9887| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9888| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
9889| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
9890| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
9891| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
9892| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
9893| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
9894| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
9895| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
9896| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
9897| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
9898| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
9899| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
9900| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
9901| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9902| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
9903| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
9904| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
9905| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
9906| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
9907| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
9908| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
9909| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
9910| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
9911| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
9912| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
9913| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
9914| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
9915| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
9916| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
9917| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
9918| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9919| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
9920| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
9921| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
9922| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
9923| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
9924| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
9925| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
9926| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
9927| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
9928| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
9929| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
9930| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9931| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
9932| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
9933| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
9934| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
9935| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
9936| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
9937| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
9938| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
9939| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
9940| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
9941| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
9942| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
9943| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
9944| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
9945| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
9946| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
9947| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
9948| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
9949| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
9950| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
9951| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
9952| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
9953| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
9954| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
9955| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
9956| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
9957| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
9958| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
9959| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
9960| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
9961| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
9962| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
9963| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
9964| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
9965| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
9966| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
9967| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
9968| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
9969| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
9970| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
9971| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
9972| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
9973| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
9974| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
9975| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
9976| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
9977| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
9978| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
9979| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
9980| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
9981| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
9982| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
9983| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
9984| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
9985| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
9986| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
9987| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
9988| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
9989| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
9990| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
9991| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
9992| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
9993| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
9994| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
9995| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
9996| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
9997| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
9998| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
9999| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
10000| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
10001| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
10002| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
10003| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
10004| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
10005| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
10006| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
10007| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
10008| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
10009| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
10010| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
10011| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
10012| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
10013| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
10014| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
10015| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
10016| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
10017| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
10018| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
10019| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
10020| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
10021| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
10022| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
10023| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
10024| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
10025| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
10026| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
10027| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
10028| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
10029| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
10030| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
10031| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
10032| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
10033| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
10034| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
10035| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using an AuthNonce secret.
10036| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
10037| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
10038| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
10039| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
10040| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
10041| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
10042| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
10043| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
10044| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
10045| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
10046| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
10047| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
10048| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
10049| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
10050| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
10051| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
10052| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
10053| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
10054| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
10055| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
10056| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
10057| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
10058| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
10059| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
10060| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
10061| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
10062| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
10063| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
10064| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allow remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
10065| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
10066| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
10067| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
10068| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
10069| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
10070| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
10071| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
10072| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
10073| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
10074| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
10075| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
10076| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
10077| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
10078| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
10079| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
10080| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
10081| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
10082| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
10083| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
10084| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
10085| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
10086| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
10087| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
10088| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
10089| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
10090| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
10091| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
10092| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
10093| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
10094| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
10095| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
10096| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and do not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
10097| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
10098| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
10099| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
10100| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
10101| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
10102| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
10103| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
10104| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
10105| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
10106| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
10107| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
10108| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
10109| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
10110| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
10111| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
10112| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
10113| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
10114| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
10115| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
10116| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
10117| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
10118| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
10119| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
10120| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
10121| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
10122| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
10123| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
10124| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
10125| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
10126| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
10127| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
10128| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
10129| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
10130| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
10131| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
10132| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
10133| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
10134| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
10135| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
10136| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
10137| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
10138| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
10139| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
10140| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
10141| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
10142| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
10143| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
10144|
10145| SecurityFocus - https://www.securityfocus.com/bid/:
10146| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
10147| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
10148| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
10149| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
10150| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
10151| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
10152| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
10153| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
10154| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
10155| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
10156| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
10157| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
10158| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
10159| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
10160| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
10161| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
10162| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
10163| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
10164| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
10165| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
10166| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
10167| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
10168| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
10169| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
10170| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
10171| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
10172| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
10173| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
10174| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
10175| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
10176| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
10177| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
10178| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
10179| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
10180| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
10181| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
10182| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
10183| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
10184| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
10185| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
10186| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
10187| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
10188| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
10189| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
10190| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
10191| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
10192| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
10193| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
10194| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
10195| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
10196| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
10197| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
10198| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
10199| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
10200| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
10201| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
10202| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
10203| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
10204| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
10205| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
10206| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
10207| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
10208| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
10209| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
10210| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
10211| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
10212| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
10213| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
10214| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
10215| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
10216| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
10217| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
10218| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
10219| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
10220| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
10221| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
10222| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
10223| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
10224| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
10225| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
10226| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
10227| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
10228| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
10229| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
10230| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
10231| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
10232| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
10233| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
10234| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
10235| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
10236| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
10237| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
10238| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
10239| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
10240| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
10241| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
10242| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
10243| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
10244| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
10245| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
10246| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
10247| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
10248| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
10249| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
10250| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
10251| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
10252| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
10253| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
10254| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
10255| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
10256| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
10257| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
10258| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
10259| [100447] Apache2Triad Multiple Security Vulnerabilities
10260| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
10261| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
10262| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
10263| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
10264| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
10265| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
10266| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
10267| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
10268| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
10269| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
10270| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
10271| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
10272| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
10273| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
10274| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
10275| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
10276| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
10277| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
10278| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
10279| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
10280| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
10281| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
10282| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
10283| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
10284| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
10285| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
10286| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
10287| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
10288| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
10289| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
10290| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
10291| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
10292| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
10293| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
10294| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
10295| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
10296| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
10297| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
10298| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
10299| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
10300| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
10301| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
10302| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
10303| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
10304| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
10305| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
10306| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
10307| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
10308| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
10309| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
10310| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
10311| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
10312| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
10313| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
10314| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
10315| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
10316| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
10317| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
10318| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
10319| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
10320| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
10321| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
10322| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
10323| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
10324| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
10325| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
10326| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
10327| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
10328| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
10329| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
10330| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
10331| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
10332| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
10333| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
10334| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
10335| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
10336| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
10337| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
10338| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
10339| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
10340| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
10341| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
10342| [95675] Apache Struts Remote Code Execution Vulnerability
10343| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
10344| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
10345| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
10346| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
10347| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
10348| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
10349| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
10350| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
10351| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
10352| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
10353| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
10354| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
10355| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
10356| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
10357| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
10358| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
10359| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
10360| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
10361| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
10362| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
10363| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
10364| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
10365| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
10366| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
10367| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
10368| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
10369| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
10370| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
10371| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
10372| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
10373| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
10374| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
10375| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
10376| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
10377| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
10378| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
10379| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
10380| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
10381| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
10382| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
10383| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
10384| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
10385| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
10386| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
10387| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
10388| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
10389| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
10390| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
10391| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
10392| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
10393| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
10394| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
10395| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
10396| [91736] Apache XML-RPC Multiple Security Vulnerabilities
10397| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
10398| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
10399| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
10400| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
10401| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
10402| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
10403| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
10404| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
10405| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
10406| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
10407| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
10408| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
10409| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
10410| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
10411| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
10412| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
10413| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
10414| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
10415| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
10416| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
10417| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
10418| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
10419| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
10420| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
10421| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
10422| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
10423| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
10424| [90482] Apache CVE-2004-1387 Local Security Vulnerability
10425| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
10426| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
10427| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
10428| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
10429| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
10430| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
10431| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
10432| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
10433| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
10434| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
10435| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
10436| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
10437| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
10438| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
10439| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
10440| [86399] Apache CVE-2007-1743 Local Security Vulnerability
10441| [86397] Apache CVE-2007-1742 Local Security Vulnerability
10442| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
10443| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
10444| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
10445| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
10446| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
10447| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
10448| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
10449| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
10450| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
10451| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
10452| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
10453| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
10454| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
10455| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
10456| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
10457| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
10458| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
10459| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
10460| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
10461| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
10462| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
10463| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
10464| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
10465| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
10466| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
10467| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
10468| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
10469| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
10470| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
10471| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
10472| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
10473| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
10474| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
10475| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
10476| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
10477| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
10478| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
10479| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
10480| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
10481| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
10482| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
10483| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
10484| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
10485| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
10486| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
10487| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
10488| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
10489| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
10490| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
10491| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
10492| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
10493| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
10494| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
10495| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
10496| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
10497| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
10498| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
10499| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
10500| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
10501| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
10502| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
10503| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
10504| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
10505| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
10506| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
10507| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
10508| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
10509| [76933] Apache James Server Unspecified Command Execution Vulnerability
10510| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
10511| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
10512| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
10513| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
10514| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
10515| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
10516| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
10517| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
10518| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
10519| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
10520| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
10521| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
10522| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
10523| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
10524| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
10525| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
10526| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
10527| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
10528| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
10529| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
10530| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
10531| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
10532| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
10533| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
10534| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
10535| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
10536| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
10537| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
10538| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
10539| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
10540| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
10541| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
10542| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
10543| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
10544| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
10545| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
10546| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
10547| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
10548| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
10549| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
10550| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
10551| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
10552| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
10553| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
10554| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
10555| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
10556| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
10557| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
10558| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
10559| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
10560| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
10561| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
10562| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
10563| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
10564| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
10565| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
10566| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
10567| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
10568| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
10569| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
10570| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
10571| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
10572| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
10573| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
10574| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
10575| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
10576| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
10577| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
10578| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
10579| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
10580| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
10581| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
10582| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
10583| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
10584| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
10585| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
10586| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
10587| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
10588| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
10589| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
10590| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
10591| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
10592| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
10593| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
10594| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
10595| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
10596| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
10597| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
10598| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
10599| [68229] Apache Harmony PRNG Entropy Weakness
10600| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
10601| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
10602| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
10603| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
10604| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
10605| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
10606| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
10607| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
10608| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
10609| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
10610| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
10611| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
10612| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
10613| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
10614| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
10615| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
10616| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
10617| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
10618| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
10619| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
10620| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
10621| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
10622| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
10623| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
10624| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
10625| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
10626| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
10627| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
10628| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
10629| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
10630| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
10631| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
10632| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
10633| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
10634| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
10635| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
10636| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
10637| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
10638| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
10639| [64780] Apache CloudStack Unauthorized Access Vulnerability
10640| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
10641| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
10642| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
10643| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
10644| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
10645| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
10646| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
10647| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
10648| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
10649| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
10650| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
10651| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
10652| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
10653| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
10654| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
10655| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
10656| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
10657| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
10658| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
10659| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
10660| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
10661| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
10662| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
10663| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
10664| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
10665| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
10666| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
10667| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
10668| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
10669| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
10670| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
10671| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
10672| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
10673| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
10674| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
10675| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
10676| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
10677| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
10678| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
10679| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
10680| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
10681| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
10682| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
10683| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
10684| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
10685| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
10686| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
10687| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
10688| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
10689| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
10690| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
10691| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
10692| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
10693| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
10694| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
10695| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
10696| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
10697| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
10698| [59670] Apache VCL Multiple Input Validation Vulnerabilities
10699| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
10700| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
10701| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
10702| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
10703| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
10704| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
10705| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
10706| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
10707| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
10708| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
10709| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
10710| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
10711| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
10712| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
10713| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
10714| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
10715| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
10716| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
10717| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
10718| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
10719| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
10720| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
10721| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
10722| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
10723| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
10724| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
10725| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
10726| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
10727| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
10728| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
10729| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
10730| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
10731| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
10732| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
10733| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
10734| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
10735| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
10736| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
10737| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
10738| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
10739| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
10740| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
10741| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
10742| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
10743| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
10744| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
10745| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
10746| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
10747| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
10748| [54798] Apache Libcloud Man In The Middle Vulnerability
10749| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
10750| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
10751| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
10752| [54189] Apache Roller Cross Site Request Forgery Vulnerability
10753| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
10754| [53880] Apache CXF Child Policies Security Bypass Vulnerability
10755| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
10756| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
10757| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
10758| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
10759| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
10760| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
10761| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
10762| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
10763| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
10764| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
10765| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
10766| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
10767| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
10768| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
10769| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
10770| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
10771| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
10772| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
10773| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
10774| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
10775| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
10776| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
10777| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
10778| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
10779| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
10780| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
10781| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
10782| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
10783| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
10784| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
10785| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
10786| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
10787| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
10788| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
10789| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
10790| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
10791| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
10792| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
11274| [72438] Apache Tomcat Digest security bypass
11275| [72437] Apache Tomcat Digest security bypass
11276| [72436] Apache Tomcat DIGEST security bypass
11277| [72425] Apache Tomcat parameter denial of service
11278| [72422] Apache Tomcat request object information disclosure
11279| [72377] Apache HTTP Server scoreboard security bypass
11280| [72345] Apache HTTP Server HTTP request denial of service
11281| [72229] Apache Struts ExceptionDelegator command execution
11282| [72089] Apache Struts ParameterInterceptor directory traversal
11283| [72088] Apache Struts CookieInterceptor command execution
11284| [72047] Apache Geronimo hash denial of service
11285| [72016] Apache Tomcat hash denial of service
11286| [71711] Apache Struts OGNL expression code execution
11287| [71654] Apache Struts interfaces security bypass
11288| [71620] Apache ActiveMQ failover denial of service
11289| [71617] Apache HTTP Server mod_proxy module information disclosure
11290| [71508] Apache MyFaces EL security bypass
11291| [71445] Apache HTTP Server mod_proxy security bypass
11292| [71203] Apache Tomcat servlets privilege escalation
11293| [71181] Apache HTTP Server ap_pregsub() denial of service
11294| [71093] Apache HTTP Server ap_pregsub() buffer overflow
11295| [70336] Apache HTTP Server mod_proxy information disclosure
11296| [69804] Apache HTTP Server mod_proxy_ajp denial of service
11297| [69472] Apache Tomcat AJP security bypass
11298| [69396] Apache HTTP Server ByteRange filter denial of service
11299| [69394] Apache Wicket multi window support cross-site scripting
11300| [69176] Apache Tomcat XML information disclosure
11301| [69161] Apache Tomcat jsvc information disclosure
11302| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
11303| [68541] Apache Tomcat sendfile information disclosure
11304| [68420] Apache XML Security denial of service
11305| [68238] Apache Tomcat JMX information disclosure
11306| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
11307| [67804] Apache Subversion control rules information disclosure
11308| [67803] Apache Subversion control rules denial of service
11309| [67802] Apache Subversion baselined denial of service
11310| [67672] Apache Archiva multiple cross-site scripting
11311| [67671] Apache Archiva multiple cross-site request forgery
11312| [67564] Apache APR apr_fnmatch() denial of service
11313| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
11314| [67515] Apache Tomcat annotations security bypass
11315| [67480] Apache Struts s:submit information disclosure
11316| [67414] Apache APR apr_fnmatch() denial of service
11317| [67356] Apache Struts javatemplates cross-site scripting
11318| [67354] Apache Struts Xwork cross-site scripting
11319| [66676] Apache Tomcat HTTP BIO information disclosure
11320| [66675] Apache Tomcat web.xml security bypass
11321| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
11322| [66241] Apache HttpComponents information disclosure
11323| [66154] Apache Tomcat ServletSecurity security bypass
11324| [65971] Apache Tomcat ServletSecurity security bypass
11325| [65876] Apache Subversion mod_dav_svn denial of service
11326| [65343] Apache Continuum unspecified cross-site scripting
11327| [65162] Apache Tomcat NIO connector denial of service
11328| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
11329| [65160] Apache Tomcat HTML Manager interface cross-site scripting
11330| [65159] Apache Tomcat ServletContect security bypass
11331| [65050] Apache CouchDB web-based administration UI cross-site scripting
11332| [64773] Oracle HTTP Server Apache Plugin unauthorized access
11333| [64473] Apache Subversion blame -g denial of service
11334| [64472] Apache Subversion walk() denial of service
11335| [64407] Apache Axis2 CVE-2010-0219 code execution
11336| [63926] Apache Archiva password privilege escalation
11337| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
11338| [63493] Apache Archiva credentials cross-site request forgery
11339| [63477] Apache Tomcat HttpOnly session hijacking
11340| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
11341| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
11342| [62959] Apache Shiro filters security bypass
11343| [62790] Apache Perl cgi module denial of service
11344| [62576] Apache Qpid exchange denial of service
11345| [62575] Apache Qpid AMQP denial of service
11346| [62354] Apache Qpid SSL denial of service
11347| [62235] Apache APR-util apr_brigade_split_line() denial of service
11348| [62181] Apache XML-RPC SAX Parser information disclosure
11349| [61721] Apache Traffic Server cache poisoning
11350| [61202] Apache Derby BUILTIN authentication functionality information disclosure
11351| [61186] Apache CouchDB Futon cross-site request forgery
11352| [61169] Apache CXF DTD denial of service
11353| [61070] Apache Jackrabbit search.jsp SQL injection
11354| [61006] Apache SLMS Quoting cross-site request forgery
11355| [60962] Apache Tomcat time cross-site scripting
11356| [60883] Apache mod_proxy_http information disclosure
11357| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
11358| [60264] Apache Tomcat Transfer-Encoding denial of service
11359| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
11360| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
11361| [59413] Apache mod_proxy_http timeout information disclosure
11362| [59058] Apache MyFaces unencrypted view state cross-site scripting
11363| [58827] Apache Axis2 xsd file include
11364| [58790] Apache Axis2 modules cross-site scripting
11365| [58299] Apache ActiveMQ queueBrowse cross-site scripting
11366| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
11367| [58056] Apache ActiveMQ .jsp source code disclosure
11368| [58055] Apache Tomcat realm name information disclosure
11369| [58046] Apache HTTP Server mod_auth_shadow security bypass
11370| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
11371| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
11372| [57429] Apache CouchDB algorithms information disclosure
11373| [57398] Apache ActiveMQ Web console cross-site request forgery
11374| [57397] Apache ActiveMQ createDestination.action cross-site scripting
11375| [56653] Apache HTTP Server DNS spoofing
11376| [56652] Apache HTTP Server DNS cross-site scripting
11377| [56625] Apache HTTP Server request header information disclosure
11378| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
11379| [56623] Apache HTTP Server mod_proxy_ajp denial of service
11380| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
11381| [55857] Apache Tomcat WAR files directory traversal
11382| [55856] Apache Tomcat autoDeploy attribute security bypass
11383| [55855] Apache Tomcat WAR directory traversal
11384| [55210] Intuit component for Joomla! Apache information disclosure
11385| [54533] Apache Tomcat 404 error page cross-site scripting
11386| [54182] Apache Tomcat admin default password
11387| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
11388| [53666] Apache HTTP Server Solaris pollset support denial of service
11389| [53650] Apache HTTP Server HTTP basic-auth module security bypass
11390| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
11391| [53041] mod_proxy_ftp module for Apache denial of service
11392| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
11393| [51953] Apache Tomcat Path Disclosure
11394| [51952] Apache Tomcat Path Traversal
11395| [51951] Apache stronghold-status Information Disclosure
11396| [51950] Apache stronghold-info Information Disclosure
11397| [51949] Apache PHP Source Code Disclosure
11398| [51948] Apache Multiviews Attack
11399| [51946] Apache JServ Environment Status Information Disclosure
11400| [51945] Apache error_log Information Disclosure
11401| [51944] Apache Default Installation Page Pattern Found
11402| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
11403| [51942] Apache AXIS XML External Entity File Retrieval
11404| [51941] Apache AXIS Sample Servlet Information Leak
11405| [51940] Apache access_log Information Disclosure
11406| [51626] Apache mod_deflate denial of service
11407| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
11408| [51365] Apache Tomcat RequestDispatcher security bypass
11409| [51273] Apache HTTP Server Incomplete Request denial of service
11410| [51195] Apache Tomcat XML information disclosure
11411| [50994] Apache APR-util xml/apr_xml.c denial of service
11412| [50993] Apache APR-util apr_brigade_vprintf denial of service
11413| [50964] Apache APR-util apr_strmatch_precompile() denial of service
11414| [50930] Apache Tomcat j_security_check information disclosure
11415| [50928] Apache Tomcat AJP denial of service
11416| [50884] Apache HTTP Server XML ENTITY denial of service
11417| [50808] Apache HTTP Server AllowOverride privilege escalation
11418| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
11419| [50059] Apache mod_proxy_ajp information disclosure
11420| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
11421| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
11422| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
11423| [49921] Apache ActiveMQ Web interface cross-site scripting
11424| [49898] Apache Geronimo Services/Repository directory traversal
11425| [49725] Apache Tomcat mod_jk module information disclosure
11426| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
11427| [49712] Apache Struts unspecified cross-site scripting
11428| [49213] Apache Tomcat cal2.jsp cross-site scripting
11429| [48934] Apache Tomcat POST doRead method information disclosure
11430| [48211] Apache Tomcat header HTTP request smuggling
11431| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
11432| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
11433| [47709] Apache Roller "
11434| [47104] Novell Netware ApacheAdmin console security bypass
11435| [47086] Apache HTTP Server OS fingerprinting unspecified
11436| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
11437| [45791] Apache Tomcat RemoteFilterValve security bypass
11438| [44435] Oracle WebLogic Apache Connector buffer overflow
11439| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
11440| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
11441| [44156] Apache Tomcat RequestDispatcher directory traversal
11442| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
11443| [43885] Oracle WebLogic Server Apache Connector buffer overflow
11444| [42987] Apache HTTP Server mod_proxy module denial of service
11445| [42915] Apache Tomcat JSP files path disclosure
11446| [42914] Apache Tomcat MS-DOS path disclosure
11447| [42892] Apache Tomcat unspecified unauthorized access
11448| [42816] Apache Tomcat Host Manager cross-site scripting
11449| [42303] Apache 403 error cross-site scripting
11450| [41618] Apache-SSL ExpandCert() authentication bypass
11451| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
11452| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
11453| [40614] Apache mod_jk2 HTTP Host header buffer overflow
11454| [40562] Apache Geronimo init information disclosure
11455| [40478] Novell Web Manager webadmin-apache.conf security bypass
11456| [40411] Apache Tomcat exception handling information disclosure
11457| [40409] Apache Tomcat native (APR based) connector weak security
11458| [40403] Apache Tomcat quotes and %5C cookie information disclosure
11459| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
11460| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
11461| [39867] Apache HTTP Server mod_negotiation cross-site scripting
11462| [39804] Apache Tomcat SingleSignOn information disclosure
11463| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
11464| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
11465| [39608] Apache HTTP Server balancer manager cross-site request forgery
11466| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
11467| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
11468| [39472] Apache HTTP Server mod_status cross-site scripting
11469| [39201] Apache Tomcat JULI logging weak security
11470| [39158] Apache HTTP Server Windows SMB shares information disclosure
11471| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
11472| [38951] Apache::AuthCAS Perl module cookie SQL injection
11473| [38800] Apache HTTP Server 413 error page cross-site scripting
11474| [38211] Apache Geronimo SQLLoginModule authentication bypass
11475| [37243] Apache Tomcat WebDAV directory traversal
11476| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
11477| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
11478| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
11479| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
11480| [36782] Apache Geronimo MEJB unauthorized access
11481| [36586] Apache HTTP Server UTF-7 cross-site scripting
11482| [36468] Apache Geronimo LoginModule security bypass
11483| [36467] Apache Tomcat functions.jsp cross-site scripting
11484| [36402] Apache Tomcat calendar cross-site request forgery
11485| [36354] Apache HTTP Server mod_proxy module denial of service
11486| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
11487| [36336] Apache Derby lock table privilege escalation
11488| [36335] Apache Derby schema privilege escalation
11489| [36006] Apache Tomcat "
11490| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
11491| [35999] Apache Tomcat \"
11492| [35795] Apache Tomcat CookieExample cross-site scripting
11493| [35536] Apache Tomcat SendMailServlet example cross-site scripting
11494| [35384] Apache HTTP Server mod_cache module denial of service
11495| [35097] Apache HTTP Server mod_status module cross-site scripting
11496| [35095] Apache HTTP Server Prefork MPM module denial of service
11497| [34984] Apache HTTP Server recall_headers information disclosure
11498| [34966] Apache HTTP Server MPM content spoofing
11499| [34965] Apache HTTP Server MPM information disclosure
11500| [34963] Apache HTTP Server MPM multiple denial of service
11501| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
11502| [34869] Apache Tomcat JSP example Web application cross-site scripting
11503| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
11504| [34496] Apache Tomcat JK Connector security bypass
11505| [34377] Apache Tomcat hello.jsp cross-site scripting
11506| [34212] Apache Tomcat SSL configuration security bypass
11507| [34210] Apache Tomcat Accept-Language cross-site scripting
11508| [34209] Apache Tomcat calendar application cross-site scripting
11509| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
11510| [34167] Apache Axis WSDL file path disclosure
11511| [34068] Apache Tomcat AJP connector information disclosure
11512| [33584] Apache HTTP Server suEXEC privilege escalation
11513| [32988] Apache Tomcat proxy module directory traversal
11514| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
11515| [32708] Debian Apache tty privilege escalation
11516| [32441] ApacheStats extract() PHP call unspecified
11517| [32128] Apache Tomcat default account
11518| [31680] Apache Tomcat RequestParamExample cross-site scripting
11519| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
11520| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
11521| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
11522| [30456] Apache mod_auth_kerb off-by-one buffer overflow
11523| [29550] Apache mod_tcl set_var() format string
11524| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
11525| [28357] Apache HTTP Server mod_alias script source information disclosure
11526| [28063] Apache mod_rewrite off-by-one buffer overflow
11527| [27902] Apache Tomcat URL information disclosure
11528| [26786] Apache James SMTP server denial of service
11529| [25680] libapache2 /tmp/svn file upload
11530| [25614] Apache Struts lookupMap cross-site scripting
11531| [25613] Apache Struts ActionForm denial of service
11532| [25612] Apache Struts isCancelled() security bypass
11533| [24965] Apache mod_python FileSession command execution
11534| [24716] Apache James spooler memory leak denial of service
11535| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
11536| [24158] Apache Geronimo jsp-examples cross-site scripting
11537| [24030] Apache auth_ldap module multiple format strings
11538| [24008] Apache mod_ssl custom error message denial of service
11539| [24003] Apache mod_auth_pgsql module multiple syslog format strings
11540| [23612] Apache mod_imap referer field cross-site scripting
11541| [23173] Apache Struts error message cross-site scripting
11542| [22942] Apache Tomcat directory listing denial of service
11543| [22858] Apache Multi-Processing Module code allows denial of service
11544| [22602] RHSA-2005:582 updates for Apache httpd not installed
11545| [22520] Apache mod-auth-shadow "
11546| [22466] ApacheTop symlink
11547| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
11548| [22006] Apache HTTP Server byte-range filter denial of service
11549| [21567] Apache mod_ssl off-by-one buffer overflow
11550| [21195] Apache HTTP Server header HTTP request smuggling
11551| [20383] Apache HTTP Server htdigest buffer overflow
11552| [19681] Apache Tomcat AJP12 request denial of service
11553| [18993] Apache HTTP server check_forensic symlink attack
11554| [18790] Apache Tomcat Manager cross-site scripting
11555| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
11556| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
11557| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
11558| [17961] Apache Web server ServerTokens has not been set
11559| [17930] Apache HTTP Server HTTP GET request denial of service
11560| [17785] Apache mod_include module buffer overflow
11561| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
11562| [17473] Apache HTTP Server Satisfy directive allows access to resources
11563| [17413] Apache htpasswd buffer overflow
11564| [17384] Apache HTTP Server environment variable configuration file buffer overflow
11565| [17382] Apache HTTP Server IPv6 apr_util denial of service
11566| [17366] Apache HTTP Server mod_dav module LOCK denial of service
11567| [17273] Apache HTTP Server speculative mode denial of service
11568| [17200] Apache HTTP Server mod_ssl denial of service
11569| [16890] Apache HTTP Server server-info request has been detected
11570| [16889] Apache HTTP Server server-status request has been detected
11571| [16705] Apache mod_ssl format string attack
11572| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
11573| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
11574| [16230] Apache HTTP Server PHP denial of service
11575| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
11576| [15958] Apache HTTP Server authentication modules memory corruption
11577| [15547] Apache HTTP Server mod_disk_cache local information disclosure
11578| [15540] Apache HTTP Server socket starvation denial of service
11579| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
11580| [15422] Apache HTTP Server mod_access information disclosure
11581| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
11582| [15293] Apache for Cygwin "
11583| [15065] Apache-SSL has a default password
11584| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
11585| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
11586| [14751] Apache Mod_python output filter information disclosure
11587| [14125] Apache HTTP Server mod_userdir module information disclosure
11588| [14075] Apache HTTP Server mod_php file descriptor leak
11589| [13703] Apache HTTP Server account
11590| [13689] Apache HTTP Server configuration allows symlinks
11591| [13688] Apache HTTP Server configuration allows SSI
11592| [13687] Apache HTTP Server Server: header value
11593| [13685] Apache HTTP Server ServerTokens value
11594| [13684] Apache HTTP Server ServerSignature value
11595| [13672] Apache HTTP Server config allows directory autoindexing
11596| [13671] Apache HTTP Server default content
11597| [13670] Apache HTTP Server config file directive references outside content root
11598| [13668] Apache HTTP Server httpd not running in chroot environment
11599| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
11600| [13664] Apache HTTP Server config file contains ScriptAlias entry
11601| [13663] Apache HTTP Server CGI support modules loaded
11602| [13661] Apache HTTP Server config file contains AddHandler entry
11603| [13660] Apache HTTP Server 500 error page not CGI script
11604| [13659] Apache HTTP Server 413 error page not CGI script
11605| [13658] Apache HTTP Server 403 error page not CGI script
11606| [13657] Apache HTTP Server 401 error page not CGI script
11607| [13552] Apache HTTP Server mod_cgid module information disclosure
11608| [13550] Apache GET request directory traversal
11609| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
11610| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
11611| [13429] Apache Tomcat non-HTTP request denial of service
11612| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
11613| [13295] Apache weak password encryption
11614| [13254] Apache Tomcat .jsp cross-site scripting
11615| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
11616| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
11617| [12681] Apache HTTP Server mod_proxy could allow mail relaying
11618| [12662] Apache HTTP Server rotatelogs denial of service
11619| [12554] Apache Tomcat stores password in plain text
11620| [12553] Apache HTTP Server redirects and subrequests denial of service
11621| [12552] Apache HTTP Server FTP proxy server denial of service
11622| [12551] Apache HTTP Server prefork MPM denial of service
11623| [12550] Apache HTTP Server weaker than expected encryption
11624| [12549] Apache HTTP Server type-map file denial of service
11625| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
11626| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
11627| [12091] Apache HTTP Server apr_password_validate denial of service
11628| [12090] Apache HTTP Server apr_psprintf code execution
11629| [11804] Apache HTTP Server mod_access_referer denial of service
11630| [11750] Apache HTTP Server could leak sensitive file descriptors
11631| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
11632| [11703] Apache long slash path allows directory listing
11633| [11695] Apache HTTP Server LF (Line Feed) denial of service
11634| [11694] Apache HTTP Server filestat.c denial of service
11635| [11438] Apache HTTP Server MIME message boundaries information disclosure
11636| [11412] Apache HTTP Server error log terminal escape sequence injection
11637| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
11638| [11195] Apache Tomcat web.xml could be used to read files
11639| [11194] Apache Tomcat URL appended with a null character could list directories
11640| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
11641| [11126] Apache HTTP Server illegal character file disclosure
11642| [11125] Apache HTTP Server DOS device name HTTP POST code execution
11643| [11124] Apache HTTP Server DOS device name denial of service
11644| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
11645| [10938] Apache HTTP Server printenv test CGI cross-site scripting
11646| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
11647| [10575] Apache mod_php module could allow an attacker to take over the httpd process
11648| [10499] Apache HTTP Server WebDAV HTTP POST view source
11649| [10457] Apache HTTP Server mod_ssl "
11650| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
11651| [10414] Apache HTTP Server htdigest multiple buffer overflows
11652| [10413] Apache HTTP Server htdigest temporary file race condition
11653| [10412] Apache HTTP Server htpasswd temporary file race condition
11654| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
11655| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
11656| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
11657| [10280] Apache HTTP Server shared memory scorecard overwrite
11658| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
11659| [10241] Apache HTTP Server Host: header cross-site scripting
11660| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
11661| [10208] Apache HTTP Server mod_dav denial of service
11662| [10206] HP VVOS Apache mod_ssl denial of service
11663| [10200] Apache HTTP Server stderr denial of service
11664| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
11665| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
11666| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
11667| [10098] Slapper worm targets OpenSSL/Apache systems
11668| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
11669| [9875] Apache HTTP Server .var file request could disclose installation path
11670| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
11671| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
11672| [9623] Apache HTTP Server ap_log_rerror() path disclosure
11673| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
11674| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
11675| [9396] Apache Tomcat null character to threads denial of service
11676| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
11677| [9249] Apache HTTP Server chunked encoding heap buffer overflow
11678| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
11679| [8932] Apache Tomcat example class information disclosure
11680| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
11681| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
11682| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
11683| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
11684| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
11685| [8400] Apache HTTP Server mod_frontpage buffer overflows
11686| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
11687| [8308] Apache "
11688| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
11689| [8119] Apache and PHP OPTIONS request reveals "
11690| [8054] Apache is running on the system
11691| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
11692| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
11693| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
11694| [7836] Apache HTTP Server log directory denial of service
11695| [7815] Apache for Windows "
11696| [7810] Apache HTTP request could result in unexpected behavior
11697| [7599] Apache Tomcat reveals installation path
11698| [7494] Apache "
11699| [7419] Apache Web Server could allow remote attackers to overwrite .log files
11700| [7363] Apache Web Server hidden HTTP requests
11701| [7249] Apache mod_proxy denial of service
11702| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
11703| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
11704| [7059] Apache "
11705| [7057] Apache "
11706| [7056] Apache "
11707| [7055] Apache "
11708| [7054] Apache "
11709| [6997] Apache Jakarta Tomcat error message may reveal information
11710| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
11711| [6970] Apache crafted HTTP request could reveal the internal IP address
11712| [6921] Apache long slash path allows directory listing
11713| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
11714| [6527] Apache Web Server for Windows and OS2 denial of service
11715| [6316] Apache Jakarta Tomcat may reveal JSP source code
11716| [6305] Apache Jakarta Tomcat directory traversal
11717| [5926] Linux Apache symbolic link
11718| [5659] Apache Web server discloses files when used with php script
11719| [5310] Apache mod_rewrite allows attacker to view arbitrary files
11720| [5204] Apache WebDAV directory listings
11721| [5197] Apache Web server reveals CGI script source code
11722| [5160] Apache Jakarta Tomcat default installation
11723| [5099] Trustix Secure Linux installs Apache with world writable access
11724| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
11725| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
11726| [4931] Apache source.asp example file allows users to write to files
11727| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
11728| [4205] Apache Jakarta Tomcat delivers file contents
11729| [2084] Apache on Debian by default serves the /usr/doc directory
11730| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
11731| [697] Apache HTTP server beck exploit
11732| [331] Apache cookies buffer overflow
11733|
11734| Exploit-DB - https://www.exploit-db.com:
11735| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
11736| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
11737| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
11738| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
11739| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
11740| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
11741| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
11742| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
11743| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
11744| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
11745| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
11746| [29859] Apache Roller OGNL Injection
11747| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
11748| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
11749| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
11750| [29290] Apache / PHP 5.x Remote Code Execution Exploit
11751| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
11752| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
11753| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
11754| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
11755| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
11756| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
11757| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
11758| [27096] Apache Geronimo 1.0 Error Page XSS
11759| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
11760| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
11761| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
11762| [25986] Plesk Apache Zeroday Remote Exploit
11763| [25980] Apache Struts includeParams Remote Code Execution
11764| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
11765| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
11766| [24874] Apache Struts ParametersInterceptor Remote Code Execution
11767| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
11768| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
11769| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
11770| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
11771| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
11772| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
11773| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
11774| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
11775| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
11776| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
11777| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
11778| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
11779| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
11780| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
11781| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
11782| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
11783| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
11784| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
11785| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
11786| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
11787| [21719] Apache 2.0 Path Disclosure Vulnerability
11788| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
11789| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
11790| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
11791| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
11792| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
11793| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
11794| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
11795| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
11796| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
11797| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
11798| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
11799| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
11800| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
11801| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
11802| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
11803| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
11804| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
11805| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
11806| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
11807| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
11808| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
11809| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
11810| [20558] Apache 1.2 Web Server DoS Vulnerability
11811| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
11812| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
11813| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
11814| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
11815| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
11816| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
11817| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
11818| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
11819| [19231] PHP apache_request_headers Function Buffer Overflow
11820| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
11821| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
11822| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
11823| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
11824| [18442] Apache httpOnly Cookie Disclosure
11825| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
11826| [18221] Apache HTTP Server Denial of Service
11827| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
11828| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
11829| [17691] Apache Struts < 2.2.0 - Remote Command Execution
11830| [16798] Apache mod_jk 1.2.20 Buffer Overflow
11831| [16782] Apache Win32 Chunked Encoding
11832| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
11833| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
11834| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
11835| [15319] Apache 2.2 (Windows) Local Denial of Service
11836| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
11837| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
11838| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
11839| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
11840| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
11841| [12330] Apache OFBiz - Multiple XSS
11842| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
11843| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
11844| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
11845| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
11846| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
11847| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
11848| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
11849| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
11850| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
11851| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
11852| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
11853| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
11854| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
11855| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
11856| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
11857| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
11858| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
11859| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
11860| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
11861| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
11862| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
11863| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
11864| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
11865| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
11866| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
11867| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
11868| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
11869| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
11870| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
11871| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
11872| [466] htpasswd Apache 1.3.31 - Local Exploit
11873| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
11874| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
11875| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
11876| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
11877| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
11878| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
11879| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
11880| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
11881| [9] Apache HTTP Server 2.x Memory Leak Exploit
11882|
11883| OpenVAS (Nessus) - http://www.openvas.org:
11884| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
11885| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
11886| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
11887| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
11888| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
11889| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
11890| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
11891| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
11892| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
11893| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
11894| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
11895| [900571] Apache APR-Utils Version Detection
11896| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
11897| [900496] Apache Tiles Multiple XSS Vulnerability
11898| [900493] Apache Tiles Version Detection
11899| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
11900| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
11901| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
11902| [870175] RedHat Update for apache RHSA-2008:0004-01
11903| [864591] Fedora Update for apache-poi FEDORA-2012-10835
11904| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
11905| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
11906| [864250] Fedora Update for apache-poi FEDORA-2012-7683
11907| [864249] Fedora Update for apache-poi FEDORA-2012-7686
11908| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
11909| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
11910| [855821] Solaris Update for Apache 1.3 122912-19
11911| [855812] Solaris Update for Apache 1.3 122911-19
11912| [855737] Solaris Update for Apache 1.3 122911-17
11913| [855731] Solaris Update for Apache 1.3 122912-17
11914| [855695] Solaris Update for Apache 1.3 122911-16
11915| [855645] Solaris Update for Apache 1.3 122912-16
11916| [855587] Solaris Update for kernel update and Apache 108529-29
11917| [855566] Solaris Update for Apache 116973-07
11918| [855531] Solaris Update for Apache 116974-07
11919| [855524] Solaris Update for Apache 2 120544-14
11920| [855494] Solaris Update for Apache 1.3 122911-15
11921| [855478] Solaris Update for Apache Security 114145-11
11922| [855472] Solaris Update for Apache Security 113146-12
11923| [855179] Solaris Update for Apache 1.3 122912-15
11924| [855147] Solaris Update for kernel update and Apache 108528-29
11925| [855077] Solaris Update for Apache 2 120543-14
11926| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
11927| [850088] SuSE Update for apache2 SUSE-SA:2007:061
11928| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
11929| [841209] Ubuntu Update for apache2 USN-1627-1
11930| [840900] Ubuntu Update for apache2 USN-1368-1
11931| [840798] Ubuntu Update for apache2 USN-1259-1
11932| [840734] Ubuntu Update for apache2 USN-1199-1
11933| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
11934| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
11935| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
11936| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
11937| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
11938| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
11939| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
11940| [835253] HP-UX Update for Apache Web Server HPSBUX02645
11941| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
11942| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
11943| [835236] HP-UX Update for Apache with PHP HPSBUX02543
11944| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
11945| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
11946| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
11947| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
11948| [835188] HP-UX Update for Apache HPSBUX02308
11949| [835181] HP-UX Update for Apache With PHP HPSBUX02332
11950| [835180] HP-UX Update for Apache with PHP HPSBUX02342
11951| [835172] HP-UX Update for Apache HPSBUX02365
11952| [835168] HP-UX Update for Apache HPSBUX02313
11953| [835148] HP-UX Update for Apache HPSBUX01064
11954| [835139] HP-UX Update for Apache with PHP HPSBUX01090
11955| [835131] HP-UX Update for Apache HPSBUX00256
11956| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
11957| [835104] HP-UX Update for Apache HPSBUX00224
11958| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
11959| [835101] HP-UX Update for Apache HPSBUX01232
11960| [835080] HP-UX Update for Apache HPSBUX02273
11961| [835078] HP-UX Update for ApacheStrong HPSBUX00255
11962| [835044] HP-UX Update for Apache HPSBUX01019
11963| [835040] HP-UX Update for Apache PHP HPSBUX00207
11964| [835025] HP-UX Update for Apache HPSBUX00197
11965| [835023] HP-UX Update for Apache HPSBUX01022
11966| [835022] HP-UX Update for Apache HPSBUX02292
11967| [835005] HP-UX Update for Apache HPSBUX02262
11968| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
11969| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
11970| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
11971| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
11972| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
11973| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
11974| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
11975| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
11976| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
11977| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
11978| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
11979| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
11980| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
11981| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
11982| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
11983| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
11984| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
11985| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
11986| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
11987| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
11988| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
11989| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
11990| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
11991| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
11992| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
11993| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
11994| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
11995| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
11996| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
11997| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
11998| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
11999| [801942] Apache Archiva Multiple Vulnerabilities
12000| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
12001| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
12002| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
12003| [801284] Apache Derby Information Disclosure Vulnerability
12004| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
12005| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
12006| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
12007| [800680] Apache APR Version Detection
12008| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
12009| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
12010| [800677] Apache Roller Version Detection
12011| [800279] Apache mod_jk Module Version Detection
12012| [800278] Apache Struts Cross Site Scripting Vulnerability
12013| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
12014| [800276] Apache Struts Version Detection
12015| [800271] Apache Struts Directory Traversal Vulnerability
12016| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
12017| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
12018| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
12019| [103122] Apache Web Server ETag Header Information Disclosure Weakness
12020| [103074] Apache Continuum Cross Site Scripting Vulnerability
12021| [103073] Apache Continuum Detection
12022| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
12023| [101023] Apache Open For Business Weak Password security check
12024| [101020] Apache Open For Business HTML injection vulnerability
12025| [101019] Apache Open For Business service detection
12026| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
12027| [100923] Apache Archiva Detection
12028| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
12029| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
12030| [100813] Apache Axis2 Detection
12031| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
12032| [100795] Apache Derby Detection
12033| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
12034| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
12035| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
12036| [100514] Apache Multiple Security Vulnerabilities
12037| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
12038| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
12039| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
12040| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
12041| [72626] Debian Security Advisory DSA 2579-1 (apache2)
12042| [72612] FreeBSD Ports: apache22
12043| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
12044| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
12045| [71512] FreeBSD Ports: apache
12046| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
12047| [71256] Debian Security Advisory DSA 2452-1 (apache2)
12048| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
12049| [70737] FreeBSD Ports: apache
12050| [70724] Debian Security Advisory DSA 2405-1 (apache2)
12051| [70600] FreeBSD Ports: apache
12052| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
12053| [70235] Debian Security Advisory DSA 2298-2 (apache2)
12054| [70233] Debian Security Advisory DSA 2298-1 (apache2)
12055| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
12056| [69338] Debian Security Advisory DSA 2202-1 (apache2)
12057| [67868] FreeBSD Ports: apache
12058| [66816] FreeBSD Ports: apache
12059| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
12060| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
12061| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
12062| [66081] SLES11: Security update for Apache 2
12063| [66074] SLES10: Security update for Apache 2
12064| [66070] SLES9: Security update for Apache 2
12065| [65998] SLES10: Security update for apache2-mod_python
12066| [65893] SLES10: Security update for Apache 2
12067| [65888] SLES10: Security update for Apache 2
12068| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
12069| [65510] SLES9: Security update for Apache 2
12070| [65472] SLES9: Security update for Apache
12071| [65467] SLES9: Security update for Apache
12072| [65450] SLES9: Security update for apache2
12073| [65390] SLES9: Security update for Apache2
12074| [65363] SLES9: Security update for Apache2
12075| [65309] SLES9: Security update for Apache and mod_ssl
12076| [65296] SLES9: Security update for webdav apache module
12077| [65283] SLES9: Security update for Apache2
12078| [65249] SLES9: Security update for Apache 2
12079| [65230] SLES9: Security update for Apache 2
12080| [65228] SLES9: Security update for Apache 2
12081| [65212] SLES9: Security update for apache2-mod_python
12082| [65209] SLES9: Security update for apache2-worker
12083| [65207] SLES9: Security update for Apache 2
12084| [65168] SLES9: Security update for apache2-mod_python
12085| [65142] SLES9: Security update for Apache2
12086| [65136] SLES9: Security update for Apache 2
12087| [65132] SLES9: Security update for apache
12088| [65131] SLES9: Security update for Apache 2 oes/CORE
12089| [65113] SLES9: Security update for apache2
12090| [65072] SLES9: Security update for apache and mod_ssl
12091| [65017] SLES9: Security update for Apache 2
12092| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
12093| [64783] FreeBSD Ports: apache
12094| [64774] Ubuntu USN-802-2 (apache2)
12095| [64653] Ubuntu USN-813-2 (apache2)
12096| [64559] Debian Security Advisory DSA 1834-2 (apache2)
12097| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
12098| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
12099| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
12100| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
12101| [64443] Ubuntu USN-802-1 (apache2)
12102| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
12103| [64423] Debian Security Advisory DSA 1834-1 (apache2)
12104| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
12105| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
12106| [64251] Debian Security Advisory DSA 1816-1 (apache2)
12107| [64201] Ubuntu USN-787-1 (apache2)
12108| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
12109| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
12110| [63565] FreeBSD Ports: apache
12111| [63562] Ubuntu USN-731-1 (apache2)
12112| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
12113| [61185] FreeBSD Ports: apache
12114| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
12115| [60387] Slackware Advisory SSA:2008-045-02 apache
12116| [58826] FreeBSD Ports: apache-tomcat
12117| [58825] FreeBSD Ports: apache-tomcat
12118| [58804] FreeBSD Ports: apache
12119| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
12120| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
12121| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
12122| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
12123| [57335] Debian Security Advisory DSA 1167-1 (apache)
12124| [57201] Debian Security Advisory DSA 1131-1 (apache)
12125| [57200] Debian Security Advisory DSA 1132-1 (apache2)
12126| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
12127| [57145] FreeBSD Ports: apache
12128| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
12129| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
12130| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
12131| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
12132| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
12133| [56067] FreeBSD Ports: apache
12134| [55803] Slackware Advisory SSA:2005-310-04 apache
12135| [55519] Debian Security Advisory DSA 839-1 (apachetop)
12136| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
12137| [55355] FreeBSD Ports: apache
12138| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
12139| [55261] Debian Security Advisory DSA 805-1 (apache2)
12140| [55259] Debian Security Advisory DSA 803-1 (apache)
12141| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
12142| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
12143| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
12144| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
12145| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
12146| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
12147| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
12148| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
12149| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
12150| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
12151| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
12152| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
12153| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
12154| [54439] FreeBSD Ports: apache
12155| [53931] Slackware Advisory SSA:2004-133-01 apache
12156| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
12157| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
12158| [53878] Slackware Advisory SSA:2003-308-01 apache security update
12159| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
12160| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
12161| [53848] Debian Security Advisory DSA 131-1 (apache)
12162| [53784] Debian Security Advisory DSA 021-1 (apache)
12163| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
12164| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
12165| [53735] Debian Security Advisory DSA 187-1 (apache)
12166| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
12167| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
12168| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
12169| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
12170| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
12171| [53282] Debian Security Advisory DSA 594-1 (apache)
12172| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
12173| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
12174| [53215] Debian Security Advisory DSA 525-1 (apache)
12175| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
12176| [52529] FreeBSD Ports: apache+ssl
12177| [52501] FreeBSD Ports: apache
12178| [52461] FreeBSD Ports: apache
12179| [52390] FreeBSD Ports: apache
12180| [52389] FreeBSD Ports: apache
12181| [52388] FreeBSD Ports: apache
12182| [52383] FreeBSD Ports: apache
12183| [52339] FreeBSD Ports: apache+mod_ssl
12184| [52331] FreeBSD Ports: apache
12185| [52329] FreeBSD Ports: ru-apache+mod_ssl
12186| [52314] FreeBSD Ports: apache
12187| [52310] FreeBSD Ports: apache
12188| [15588] Detect Apache HTTPS
12189| [15555] Apache mod_proxy content-length buffer overflow
12190| [15554] Apache mod_include priviledge escalation
12191| [14771] Apache <= 1.3.33 htpasswd local overflow
12192| [14177] Apache mod_access rule bypass
12193| [13644] Apache mod_rootme Backdoor
12194| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
12195| [12280] Apache Connection Blocking Denial of Service
12196| [12239] Apache Error Log Escape Sequence Injection
12197| [12123] Apache Tomcat source.jsp malformed request information disclosure
12198| [12085] Apache Tomcat servlet/JSP container default files
12199| [11438] Apache Tomcat Directory Listing and File disclosure
12200| [11204] Apache Tomcat Default Accounts
12201| [11092] Apache 2.0.39 Win32 directory traversal
12202| [11046] Apache Tomcat TroubleShooter Servlet Installed
12203| [11042] Apache Tomcat DOS Device Name XSS
12204| [11041] Apache Tomcat /servlet Cross Site Scripting
12205| [10938] Apache Remote Command Execution via .bat files
12206| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
12207| [10773] MacOS X Finder reveals contents of Apache Web files
12208| [10766] Apache UserDir Sensitive Information Disclosure
12209| [10756] MacOS X Finder reveals contents of Apache Web directories
12210| [10752] Apache Auth Module SQL Insertion Attack
12211| [10704] Apache Directory Listing
12212| [10678] Apache /server-info accessible
12213| [10677] Apache /server-status accessible
12214| [10440] Check for Apache Multiple / vulnerability
12215|
12216| SecurityTracker - https://www.securitytracker.com:
12217| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
12218| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
12219| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
12220| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
12221| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
12222| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
12223| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
12224| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
12225| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
12226| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
12227| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
12228| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
12229| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
12230| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
12231| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
12232| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
12233| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
12234| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
12235| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
12236| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
12237| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
12238| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
12239| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
12240| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
12241| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
12242| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
12243| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
12244| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
12245| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
12246| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
12247| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
12248| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
12249| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
12250| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
12251| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
12252| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
12253| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
12254| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
12255| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
12256| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
12257| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
12258| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
12259| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
12260| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
12261| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
12262| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
12263| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
12264| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
12265| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
12266| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
12267| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
12268| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
12269| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
12270| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
12271| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
12272| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
12273| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
12274| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
12275| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
12276| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
12277| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
12278| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
12279| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
12280| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
12281| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
12282| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
12283| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
12284| [1024096] Apache mod_proxy_http May Return Results for a Different Request
12285| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
12286| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
12287| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
12288| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
12289| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
12290| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
12291| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
12292| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
12293| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
12294| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
12295| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
12296| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
12297| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
12298| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
12299| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
12300| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
12301| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
12302| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
12303| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
12304| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
12305| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
12306| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
12307| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
12308| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
12309| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
12310| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
12311| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
12312| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
12313| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
12314| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
12315| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
12316| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
12317| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
12318| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
12319| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
12320| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
12321| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
12322| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
12323| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
12324| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
12325| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
12326| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
12327| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
12328| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
12329| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
12330| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
12331| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
12332| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
12333| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
12334| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
12335| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
12336| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
12337| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
12338| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
12339| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
12340| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
12341| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
12342| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
12343| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
12344| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
12345| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
12346| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
12347| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
12348| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
12349| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
12350| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
12351| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
12352| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
12353| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
12354| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
12355| [1008920] Apache mod_digest May Validate Replayed Client Responses
12356| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
12357| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
12358| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
12359| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
12360| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
12361| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
12362| [1008030] Apache mod_rewrite Contains a Buffer Overflow
12363| [1008029] Apache mod_alias Contains a Buffer Overflow
12364| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
12365| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
12366| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
12367| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
12368| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
12369| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
12370| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
12371| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
12372| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
12373| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
12374| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
12375| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
12376| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
12377| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
12378| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
12379| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
12380| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
12381| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
12382| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
12383| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
12384| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
12385| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
12386| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
12387| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
12388| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
12389| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
12390| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
12391| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
12392| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
12393| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
12394| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
12395| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
12396| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
12397| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
12398| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
12399| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
12400| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
12401| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
12402| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
12403| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
12404| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
12405| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
12406| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
12407| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
12408| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
12409| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
12410| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
12411| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
12412| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
12413| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
12414| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
12415| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
12416| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
12417| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
12418| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
12419| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
12420|
12421| OSVDB - http://www.osvdb.org:
12422| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
12423| [96077] Apache CloudStack Global Settings Multiple Field XSS
12424| [96076] Apache CloudStack Instances Menu Display Name Field XSS
12425| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
12426| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
12427| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
12428| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
12429| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
12430| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
12431| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
12432| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
12433| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
12434| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
12435| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
12436| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
12437| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
12438| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
12439| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
12440| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
12441| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
12442| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
12443| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
12444| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
12445| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
12446| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
12447| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
12448| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
12449| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
12450| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
12451| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
12452| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
12453| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
12454| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
12455| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
12456| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
12457| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
12458| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
12459| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
12460| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
12461| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
12462| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
12463| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
12464| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
12465| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
12466| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
12467| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
12468| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
12469| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
12470| [94279] Apache Qpid CA Certificate Validation Bypass
12471| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
12472| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
12473| [94042] Apache Axis JAX-WS Java Unspecified Exposure
12474| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
12475| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
12476| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
12477| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
12478| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
12479| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
12480| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
12481| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
12482| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
12483| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
12484| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
12485| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
12486| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
12487| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
12488| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
12489| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
12892| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
12893| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
12894| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
12895| [58770] Apache JSPWiki Group.jsp group Parameter XSS
12896| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
12897| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
12898| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
12899| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
12900| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
12901| [58763] Apache JSPWiki Include Tag Multiple Script XSS
12902| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
12903| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
| [9717] Apache HTTP Server mod_cookies Cookie Overflow
| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
| [9714] Apache Authentication Module Threaded MPM DoS
| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
13279| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
13280| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
13281| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
13282| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
13283| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
13284| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
13285| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
13286| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
13287| [9208] Apache Tomcat .jsp Encoded Newline XSS
13288| [9204] Apache Tomcat ROOT Application XSS
13289| [9203] Apache Tomcat examples Application XSS
13290| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
13291| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
13292| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
13293| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
13294| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
13295| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
13296| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
13297| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
13298| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
13299| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
13300| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
13301| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
13302| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
13303| [7611] Apache HTTP Server mod_alias Local Overflow
13304| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
13305| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
13306| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
13307| [6882] Apache mod_python Malformed Query String Variant DoS
13308| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
13309| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
13310| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
13311| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
13312| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
13313| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
13314| [5526] Apache Tomcat Long .JSP URI Path Disclosure
13315| [5278] Apache Tomcat web.xml Restriction Bypass
13316| [5051] Apache Tomcat Null Character DoS
13317| [4973] Apache Tomcat servlet Mapping XSS
13318| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
13319| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
13320| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
13321| [4568] mod_survey For Apache ENV Tags SQL Injection
13322| [4553] Apache HTTP Server ApacheBench Overflow DoS
13323| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
13324| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
13325| [4383] Apache HTTP Server Socket Race Condition DoS
13326| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
13327| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
13328| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
13329| [4231] Apache Cocoon Error Page Server Path Disclosure
13330| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
13331| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
13332| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
13333| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
13334| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
13335| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
13336| [3322] mod_php for Apache HTTP Server Process Hijack
13337| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
13338| [2885] Apache mod_python Malformed Query String DoS
13339| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
13340| [2733] Apache HTTP Server mod_rewrite Local Overflow
13341| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
13342| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
13343| [2149] Apache::Gallery Privilege Escalation
13344| [2107] Apache HTTP Server mod_ssl Host: Header XSS
13345| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
13346| [1833] Apache HTTP Server Multiple Slash GET Request DoS
13347| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
13348| [872] Apache Tomcat Multiple Default Accounts
13349| [862] Apache HTTP Server SSI Error Page XSS
13350| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
13351| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
13352| [845] Apache Tomcat MSDOS Device XSS
13353| [844] Apache Tomcat Java Servlet Error Page XSS
13354| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
13355| [838] Apache HTTP Server Chunked Encoding Remote Overflow
13356| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
13357| [775] Apache mod_python Module Importing Privilege Function Execution
13358| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
13359| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
13360| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
13361| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
13362| [637] Apache HTTP Server UserDir Directive Username Enumeration
13363| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
13364| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
13365| [562] Apache HTTP Server mod_info /server-info Information Disclosure
13366| [561] Apache Web Servers mod_status /server-status Information Disclosure
13367| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
13368| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
13369| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
13370| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
13371| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
13372| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
13373| [376] Apache Tomcat contextAdmin Arbitrary File Access
13374| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
13375| [222] Apache HTTP Server test-cgi Arbitrary File Access
13376| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
13377| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
13378|_
110/tcp open pop3 Dovecot pop3d
13380| vulscan: VulDB - https://vuldb.com:
13381| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
13382| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
13383| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
13384| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
13385| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
13386| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
13387| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
13388| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
13389| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
13390| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
13391| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
13392| [69835] Dovecot 2.2.0/2.2.1 denial of service
13393| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
13394| [65684] Dovecot up to 2.2.6 unknown vulnerability
13395| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
13396| [63692] Dovecot up to 2.0.15 spoofing
13397| [7062] Dovecot 2.1.10 mail-search.c denial of service
13398| [57517] Dovecot up to 2.0.12 Login directory traversal
13399| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
13400| [57515] Dovecot up to 2.0.12 Crash denial of service
13401| [54944] Dovecot up to 1.2.14 denial of service
13402| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
13403| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
13404| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
13405| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
13406| [53277] Dovecot up to 1.2.10 denial of service
13407| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
13408| [45256] Dovecot up to 1.1.5 directory traversal
13409| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
13410| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
13411| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
13412| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
13413| [40356] Dovecot 1.0.9 Cache unknown vulnerability
13414| [38222] Dovecot 1.0.2 directory traversal
13415| [36376] Dovecot up to 1.0.x directory traversal
13416| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
13417|
13418| MITRE CVE - https://cve.mitre.org:
13419| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
13420| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
13421| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
13422| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
13423| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
13424| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
13425| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
13426| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
13427| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
13428| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
13429| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
13430| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
13431| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
13432| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
13433| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
13434| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
13435| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
13436| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
13437| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
13438| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
13439| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
13440| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
13441| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
13442| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
13443| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
13444| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
13445| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
13446| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
13447| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
13448| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
13449| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
13450| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
13451| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
13452| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
13453| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
13454| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
13455| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
13456|
13457| SecurityFocus - https://www.securityfocus.com/bid/:
13458| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
13459| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
13460| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
13461| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
13462| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
13463| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
13464| [67306] Dovecot Denial of Service Vulnerability
13465| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
13466| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
13467| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
13468| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
13469| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
13470| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
13471| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
13472| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
13473| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
13474| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
13475| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
13476| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
13477| [39838] tpop3d Remote Denial of Service Vulnerability
13478| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
13479| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
13480| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
13481| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
13482| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
13483| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
13484| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
13485| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
13486| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
13487| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
13488| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
13489| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
13490| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
13491| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
13492| [17961] Dovecot Remote Information Disclosure Vulnerability
13493| [16672] Dovecot Double Free Denial of Service Vulnerability
13494| [8495] akpop3d User Name SQL Injection Vulnerability
13495| [8473] Vpop3d Remote Denial Of Service Vulnerability
13496| [3990] ZPop3D Bad Login Logging Failure Vulnerability
13497| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
13498|
13499| IBM X-Force - https://exchange.xforce.ibmcloud.com:
13500| [86382] Dovecot POP3 Service denial of service
13501| [84396] Dovecot IMAP APPEND denial of service
13502| [80453] Dovecot mail-search.c denial of service
13503| [71354] Dovecot SSL Common Name (CN) weak security
13504| [67675] Dovecot script-login security bypass
13505| [67674] Dovecot script-login directory traversal
13506| [67589] Dovecot header name denial of service
13507| [63267] Apple Mac OS X Dovecot information disclosure
13508| [62340] Dovecot mailbox security bypass
13509| [62339] Dovecot IMAP or POP3 denial of service
13510| [62256] Dovecot mailbox security bypass
13511| [62255] Dovecot ACL entry security bypass
13512| [60639] Dovecot ACL plugin weak security
13513| [57267] Apple Mac OS X Dovecot Kerberos security bypass
13514| [56763] Dovecot header denial of service
13515| [54363] Dovecot base_dir privilege escalation
13516| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
13517| [46323] Dovecot dovecot.conf information disclosure
13518| [46227] Dovecot message parsing denial of service
13519| [45669] Dovecot ACL mailbox security bypass
13520| [45667] Dovecot ACL plugin rights security bypass
13521| [41085] Dovecot TAB characters authentication bypass
13522| [41009] Dovecot mail_extra_groups option unauthorized access
13523| [39342] Dovecot LDAP auth cache configuration security bypass
13524| [35767] Dovecot ACL plugin security bypass
13525| [34082] Dovecot mbox-storage.c directory traversal
13526| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
13527| [26578] Cyrus IMAP pop3d buffer overflow
13528| [26536] Dovecot IMAP LIST information disclosure
13529| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
13530| [24709] Dovecot APPEND command denial of service
13531| [13018] akpop3d authentication code SQL injection
13532| [7345] Slackware Linux imapd and ipop3d core dump
13533| [6269] imap, ipop2d and ipop3d buffer overflows
13534| [5923] Linuxconf vpop3d symbolic link
13535| [4918] IPOP3D, Buffer overflow attack
13536| [1560] IPOP3D, user login successful
13537| [1559] IPOP3D user login to remote host successful
13538| [1525] IPOP3D, user logout
13539| [1524] IPOP3D, user auto-logout
13540| [1523] IPOP3D, user login failure
13541| [1522] IPOP3D, brute force attack
13542| [1521] IPOP3D, user kiss of death logout
13543| [418] pop3d mktemp creates insecure temporary files
13544|
13545| Exploit-DB - https://www.exploit-db.com:
13546| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
13547| [23053] Vpop3d Remote Denial of Service Vulnerability
13548| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
13549| [11893] tPop3d 1.5.3 DoS
13550| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
13551| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
13552| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
13553| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
13554|
13555| OpenVAS (Nessus) - http://www.openvas.org:
13556| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
13557| [901025] Dovecot Version Detection
13558| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
13559| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
13560| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
13561| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
13562| [870607] RedHat Update for dovecot RHSA-2011:0600-01
13563| [870471] RedHat Update for dovecot RHSA-2011:1187-01
13564| [870153] RedHat Update for dovecot RHSA-2008:0297-02
13565| [863272] Fedora Update for dovecot FEDORA-2011-7612
13566| [863115] Fedora Update for dovecot FEDORA-2011-7258
13567| [861525] Fedora Update for dovecot FEDORA-2007-664
13568| [861394] Fedora Update for dovecot FEDORA-2007-493
13569| [861333] Fedora Update for dovecot FEDORA-2007-1485
13570| [860845] Fedora Update for dovecot FEDORA-2008-9202
13571| [860663] Fedora Update for dovecot FEDORA-2008-2475
13572| [860169] Fedora Update for dovecot FEDORA-2008-2464
13573| [860089] Fedora Update for dovecot FEDORA-2008-9232
13574| [840950] Ubuntu Update for dovecot USN-1295-1
13575| [840668] Ubuntu Update for dovecot USN-1143-1
13576| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
13577| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
13578| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
13579| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
13580| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
13581| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
13582| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
13583| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
13584| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
13585| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
13586| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
13587| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
13588| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
13589| [70259] FreeBSD Ports: dovecot
13590| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
13591| [66522] FreeBSD Ports: dovecot
13592| [65010] Ubuntu USN-838-1 (dovecot)
13593| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
13594| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
13595| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
13596| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
13597| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
13598| [62854] FreeBSD Ports: dovecot-managesieve
13599| [61916] FreeBSD Ports: dovecot
13600| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
13601| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
13602| [60528] FreeBSD Ports: dovecot
13603| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
13604| [60089] FreeBSD Ports: dovecot
13605| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
13606| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
13607|
13608| SecurityTracker - https://www.securitytracker.com:
13609| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
13610| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
13611| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
13612|
13613| OSVDB - http://www.osvdb.org:
13614| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
13615| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
13616| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
13617| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
13618| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
13619| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
13620| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
13621| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
13622| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
13623| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
13624| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
13625| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
13626| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
13627| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
13628| [66113] Dovecot Mail Root Directory Creation Permission Weakness
13629| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
13630| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
13631| [66110] Dovecot Multiple Unspecified Buffer Overflows
13632| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
13633| [64783] Dovecot E-mail Message Header Unspecified DoS
13634| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
13635| [62796] Dovecot mbox Format Email Header Handling DoS
13636| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
13637| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
13638| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
13639| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
13640| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
13641| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
13642| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
13643| [43137] Dovecot mail_extra_groups Symlink File Manipulation
13644| [42979] Dovecot passdbs Argument Injection Authentication Bypass
13645| [39876] Dovecot LDAP Auth Cache Security Bypass
13646| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
13647| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
13648| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
13649| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
13650| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
13651| [23281] Dovecot imap/pop3-login dovecot-auth DoS
13652| [23280] Dovecot Malformed APPEND Command DoS
13653| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
13654| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
13655| [5857] Linux pop3d Arbitrary Mail File Access
13656| [2471] akpop3d username SQL Injection
13657|_
143/tcp open imap Dovecot imapd
13659| vulscan: VulDB - https://vuldb.com:
13660| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
13661| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
13662| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
13663| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
13664| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
13665| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
13666| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
13667| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
13668| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
13669| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
13670| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
13671| [69835] Dovecot 2.2.0/2.2.1 denial of service
13672| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
13673| [65684] Dovecot up to 2.2.6 unknown vulnerability
13674| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
13675| [63692] Dovecot up to 2.0.15 spoofing
13676| [7062] Dovecot 2.1.10 mail-search.c denial of service
13677| [59792] Cyrus IMAPd 2.4.11 weak authentication
13678| [57517] Dovecot up to 2.0.12 Login directory traversal
13679| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
13680| [57515] Dovecot up to 2.0.12 Crash denial of service
13681| [54944] Dovecot up to 1.2.14 denial of service
13682| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
13683| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
13684| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
13685| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
13686| [53277] Dovecot up to 1.2.10 denial of service
13687| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
13688| [45256] Dovecot up to 1.1.5 directory traversal
13689| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
13690| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
13691| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
13692| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
13693| [40356] Dovecot 1.0.9 Cache unknown vulnerability
13694| [38222] Dovecot 1.0.2 directory traversal
13695| [37927] Ipswitch Ipswitch Collaboration Suite up to 2006.1 IMAP Service imapd32.exe memory corruption
13696| [36376] Dovecot up to 1.0.x directory traversal
13697| [35759] Atrium MERCUR IMAPD IMAP4 mcrimap4.exe memory corruption
13698| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
13699|
13700| MITRE CVE - https://cve.mitre.org:
13701| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
13702| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
13703| [CVE-2011-3481] The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
13704| [CVE-2011-3372] imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
13705| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
13706| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
13707| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
13708| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
13709| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
13710| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
13711| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
13712| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
13713| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
13714| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
13715| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
13716| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
13717| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
13718| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
13719| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
13720| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
13721| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
13722| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
13723| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
13724| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
13725| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
13726| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
13727| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
13728| [CVE-2007-5740] The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
13729| [CVE-2007-5018] Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.
13730| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
13731| [CVE-2007-3925] Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
13732| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
13733| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
13734| [CVE-2007-1579] Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.
13735| [CVE-2007-1578] Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.
13736| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
13737| [CVE-2006-6762] The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.
13738| [CVE-2006-6761] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.
13739| [CVE-2006-6425] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
13740| [CVE-2006-6424] Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow
13741| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
13742| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
13743| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
13744| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
13745| [CVE-2005-2278] Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
13746| [CVE-2005-1256] Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
13747| [CVE-2005-1249] The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.
13748| [CVE-2005-1015] Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.
13749| [CVE-2005-0546] Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
13750| [CVE-2003-1322] Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
13751| [CVE-2002-1782] The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.
13752| [CVE-2002-1604] Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
13753| [CVE-2002-0997] Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
13754| [CVE-2002-0379] Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
13755| [CVE-2001-0691] Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.
13756| [CVE-2000-0284] Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
13757| [CVE-1999-1557] Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
13758| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
13759| [CVE-1999-1224] IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
13760|
13761| SecurityFocus - https://www.securityfocus.com/bid/:
13762| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
13763| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
13764| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
13765| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
13766| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
13767| [84478] imapd CVE-1999-1224 Denial-Of-Service Vulnerability
13768| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
13769| [67306] Dovecot Denial of Service Vulnerability
13770| [65650] Eudora WorldMail imapd 'UID' Command Buffer Overflow Vulnerability
13771| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
13772| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
13773| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
13774| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
13775| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
13776| [51403] Eudora WorldMail imapd 'LIST' Command Buffer Overflow Vulnerability
13777| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
13778| [49949] Cyrus IMAPd NTTP Logic Error Authentication Bypass Vulnerability
13779| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
13780| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
13781| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
13782| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
13783| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
13784| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
13785| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
13786| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
13787| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
13788| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
13789| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
13790| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
13791| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
13792| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
13793| [26270] Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
13794| [25733] Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
13795| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
13796| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
13797| [23058] Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
13798| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
13799| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
13800| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
13801| [17961] Dovecot Remote Information Disclosure Vulnerability
13802| [16672] Dovecot Double Free Denial of Service Vulnerability
13803| [15980] Qualcomm WorldMail IMAPD Buffer Overflow Vulnerability
13804| [15753] Ipswitch Collaboration Suite and IMail Server IMAPD LIST Command Denial Of Service Vulnerability
13805| [12636] Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities
13806| [11738] Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities
13807| [11729] Cyrus IMAPD Multiple Remote Vulnerabilities
13808| [6298] Cyrus IMAPD Pre-Login Heap Corruption Vulnerability
13809| [4713] Wu-imapd Partial Mailbox Attribute Remote Buffer Overflow Vulnerability
13810| [2856] Imapd 'Local' Buffer Overflow Vulnerabilities
13811| [1110] Univ. Of Washington imapd Buffer Overflow Vulnerabilities
13812| [502] NT IMail Imapd Buffer Overflow DoS Vulnerability
13813| [130] imapd Buffer Overflow Vulnerability
13814|
13815| IBM X-Force - https://exchange.xforce.ibmcloud.com:
13816| [86382] Dovecot POP3 Service denial of service
13817| [84396] Dovecot IMAP APPEND denial of service
13818| [80453] Dovecot mail-search.c denial of service
13819| [71354] Dovecot SSL Common Name (CN) weak security
13820| [70325] Cyrus IMAPd NNTP security bypass
13821| [67675] Dovecot script-login security bypass
13822| [67674] Dovecot script-login directory traversal
13823| [67589] Dovecot header name denial of service
13824| [63267] Apple Mac OS X Dovecot information disclosure
13825| [62340] Dovecot mailbox security bypass
13826| [62339] Dovecot IMAP or POP3 denial of service
13827| [62256] Dovecot mailbox security bypass
13828| [62255] Dovecot ACL entry security bypass
13829| [60639] Dovecot ACL plugin weak security
13830| [57267] Apple Mac OS X Dovecot Kerberos security bypass
13831| [56763] Dovecot header denial of service
13832| [54363] Dovecot base_dir privilege escalation
13833| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
13834| [47526] UW-imapd rfc822_output_char() denial of service
13835| [46323] Dovecot dovecot.conf information disclosure
13836| [46227] Dovecot message parsing denial of service
13837| [45669] Dovecot ACL mailbox security bypass
13838| [45667] Dovecot ACL plugin rights security bypass
13839| [41085] Dovecot TAB characters authentication bypass
13840| [41009] Dovecot mail_extra_groups option unauthorized access
13841| [39342] Dovecot LDAP auth cache configuration security bypass
13842| [35767] Dovecot ACL plugin security bypass
13843| [34082] Dovecot mbox-storage.c directory traversal
13844| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
13845| [26536] Dovecot IMAP LIST information disclosure
13846| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
13847| [24709] Dovecot APPEND command denial of service
13848| [22629] RHSA-2005:408 updates for cyrus-imapd not installed
13849| [19460] Cyrus IMAP imapd buffer overflow
13850| [19455] Cyrus IMAP imapd extension off-by-one buffer overflow
13851| [18492] Novell NetMail IMAPD 101_mEna buffer overflow
13852| [10803] UW IMAP (wu-imapd) authenticated user buffer overflow
13853| [9238] UW IMAP (wu-imapd) could allow a remote attacker to access arbitrary files
13854| [9055] UW IMAP (wu-imapd) partial mailbox attributes to request buffer overflow
13855| [7345] Slackware Linux imapd and ipop3d core dump
13856| [573] Imapd denial of service
13857|
13858| Exploit-DB - https://www.exploit-db.com:
13859| [30724] Perdition 1.17 IMAPD __STR_VWRITE Remote Format String Vulnerability
13860| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
13861| [22061] Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 Pre-Login Heap Corruption Vulnerability
13862| [21443] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (2)
13863| [21442] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (1)
13864| [19849] UoW imapd 10.234/12.264 COPY Buffer Overflow (meta)
13865| [19848] UoW imapd 10.234/12.264 LSUB Buffer Overflow (meta)
13866| [19847] UoW imapd 10.234/12.264 Buffer Overflow Vulnerabilities
13867| [19377] Ipswitch IMail 5.0 Imapd Buffer Overflow DoS Vulnerability
13868| [19107] Netscape Messaging Server 3.55,University of Washington imapd 10.234 Buffer Overflow Vulnerability
13869| [18354] WorldMail imapd 3.0 SEH overflow (egg hunter)
13870| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
13871| [16485] MailEnable IMAPD 1.54 - STATUS Request Buffer Overflow
13872| [16482] MDaemon 9.6.4 IMAPD FETCH Buffer Overflow
13873| [16480] MailEnable IMAPD W3C Logging Buffer Overflow
13874| [16477] Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow
13875| [16475] MailEnable IMAPD (2.35) Login Request Buffer Overflow
13876| [16474] Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow
13877| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
13878| [4429] Mercury/32 4.52 IMAPD SEARCH command Post-Auth Overflow Exploit
13879| [3627] IPSwitch IMail Server <= 8.20 IMAPD Remote Buffer Overflow Exploit
13880| [3527] Mercur IMAPD 5.00.14 Remote Denial of Service Exploit (win32)
13881| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
13882| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
13883| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
13884| [1380] Eudora Qualcomm WorldMail 3.0 (IMAPd) Remote Overflow Exploit
13885| [1332] MailEnable 1.54 Pro Universal IMAPD W3C Logging BoF Exploit
13886| [1327] FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC
13887| [1151] MDaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow Exploit
13888| [1124] IPSwitch IMail Server <= 8.15 IMAPD Remote Root Exploit
13889| [915] MailEnable Enterprise 1.x Imapd Remote Exploit
13890| [903] Cyrus imapd 2.2.4 - 2.2.8 (imapmagicplus) Remote Exploit
13891| [340] Linux imapd Remote Overflow File Retrieve Exploit
13892|
13893| OpenVAS (Nessus) - http://www.openvas.org:
13894| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
13895| [901025] Dovecot Version Detection
13896| [881425] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 x86_64
13897| [881403] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 x86_64
13898| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
13899| [881397] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 x86_64
13900| [881370] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 x86_64
13901| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
13902| [881318] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 x86_64
13903| [881255] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 x86_64
13904| [881050] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 i386
13905| [881049] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 i386
13906| [881007] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 i386
13907| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
13908| [880978] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 i386
13909| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
13910| [880958] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 i386
13911| [880905] CentOS Update for cyrus-imapd CESA-2009:1459 centos4 i386
13912| [880864] CentOS Update for cyrus-imapd CESA-2009:1459 centos5 i386
13913| [880826] CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386
13914| [880536] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 i386
13915| [870607] RedHat Update for dovecot RHSA-2011:0600-01
13916| [870520] RedHat Update for cyrus-imapd RHSA-2011:1508-01
13917| [870489] RedHat Update for cyrus-imapd RHSA-2011:1317-01
13918| [870471] RedHat Update for dovecot RHSA-2011:1187-01
13919| [870443] RedHat Update for cyrus-imapd RHSA-2011:0859-01
13920| [870153] RedHat Update for dovecot RHSA-2008:0297-02
13921| [864075] Fedora Update for cyrus-imapd FEDORA-2011-13832
13922| [863585] Fedora Update for cyrus-imapd FEDORA-2011-13869
13923| [863579] Fedora Update for cyrus-imapd FEDORA-2011-13860
13924| [863281] Fedora Update for cyrus-imapd FEDORA-2011-7193
13925| [863273] Fedora Update for cyrus-imapd FEDORA-2011-7217
13926| [863272] Fedora Update for dovecot FEDORA-2011-7612
13927| [863115] Fedora Update for dovecot FEDORA-2011-7258
13928| [861525] Fedora Update for dovecot FEDORA-2007-664
13929| [861394] Fedora Update for dovecot FEDORA-2007-493
13930| [861333] Fedora Update for dovecot FEDORA-2007-1485
13931| [860845] Fedora Update for dovecot FEDORA-2008-9202
13932| [860663] Fedora Update for dovecot FEDORA-2008-2475
13933| [860169] Fedora Update for dovecot FEDORA-2008-2464
13934| [860089] Fedora Update for dovecot FEDORA-2008-9232
13935| [840950] Ubuntu Update for dovecot USN-1295-1
13936| [840668] Ubuntu Update for dovecot USN-1143-1
13937| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
13938| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
13939| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
13940| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
13941| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
13942| [831590] Mandriva Update for cyrus-imapd MDVSA-2012:037 (cyrus-imapd)
13943| [831468] Mandriva Update for cyrus-imapd MDVSA-2011:149 (cyrus-imapd)
13944| [831410] Mandriva Update for cyrus-imapd MDVSA-2011:100 (cyrus-imapd)
13945| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
13946| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
13947| [831207] Mandriva Update for cyrus-imapd MDVA-2010:208 (cyrus-imapd)
13948| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
13949| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
13950| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
13951| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
13952| [800149] UW-imapd tmail and dmail BOF Vulnerabilities (Linux)
13953| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
13954| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
13955| [70696] Debian Security Advisory DSA 2377-1 (cyrus-imapd-2.2)
13956| [70407] Debian Security Advisory DSA 2318-1 (cyrus-imapd-2.2)
13957| [70259] FreeBSD Ports: dovecot
13958| [69965] Debian Security Advisory DSA 2258-1 (kolab-cyrus-imapd)
13959| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
13960| [69740] Debian Security Advisory DSA 2242-1 (cyrus-imapd-2.2)
13961| [66522] FreeBSD Ports: dovecot
13962| [66416] Mandriva Security Advisory MDVSA-2009:229-1 (cyrus-imapd)
13963| [66233] SLES10: Security update for Cyrus IMAPD
13964| [66226] SLES11: Security update for Cyrus IMAPD
13965| [66222] SLES9: Security update for Cyrus IMAPD
13966| [65938] SLES10: Security update for Cyrus IMAPD
13967| [65723] SLES11: Security update for Cyrus IMAPD
13968| [65523] SLES9: Security update for Cyrus IMAPD
13969| [65479] SLES9: Security update for cyrus-imapd
13970| [65094] SLES9: Security update for cyrus-imapd
13971| [65010] Ubuntu USN-838-1 (dovecot)
13972| [64989] CentOS Security Advisory CESA-2009:1459 (cyrus-imapd)
13973| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
13974| [64977] Debian Security Advisory DSA 1893-1 (cyrus-imapd-2.2 kolab-cyrus-imapd)
13975| [64965] Fedora Core 11 FEDORA-2009-9901 (cyrus-imapd)
13976| [64963] Fedora Core 10 FEDORA-2009-9869 (cyrus-imapd)
13977| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
13978| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
13979| [64898] FreeBSD Ports: cyrus-imapd
13980| [64864] Debian Security Advisory DSA 1881-1 (cyrus-imapd-2.2)
13981| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
13982| [64847] Fedora Core 10 FEDORA-2009-9428 (cyrus-imapd)
13983| [64846] Fedora Core 11 FEDORA-2009-9417 (cyrus-imapd)
13984| [64838] Mandrake Security Advisory MDVSA-2009:229 (cyrus-imapd)
13985| [64271] CentOS Security Advisory CESA-2009:1116 (cyrus-imapd)
13986| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
13987| [62854] FreeBSD Ports: dovecot-managesieve
13988| [61916] FreeBSD Ports: dovecot
13989| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
13990| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
13991| [60528] FreeBSD Ports: dovecot
13992| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
13993| [60089] FreeBSD Ports: dovecot
13994| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
13995| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
13996| [55807] Slackware Advisory SSA:2005-310-06 imapd
13997| [54861] Gentoo Security Advisory GLSA 200502-29 (cyrus-imapd)
13998| [54755] Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd)
13999| [53739] Debian Security Advisory DSA 215-1 (cyrus-imapd)
14000| [53288] Debian Security Advisory DSA 597-1 (cyrus-imapd)
14001| [52297] FreeBSD Ports: cyrus-imapd
14002| [52296] FreeBSD Ports: cyrus-imapd
14003| [52295] FreeBSD Ports: cyrus-imapd
14004| [52294] FreeBSD Ports: cyrus-imapd
14005| [52172] FreeBSD Ports: cyrus-imapd
14006|
14007| SecurityTracker - https://www.securitytracker.com:
14008| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
14009| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
14010| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
14011| [1013278] Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code
14012|
14013| OSVDB - http://www.osvdb.org:
14014| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
14015| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
14016| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
14017| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
14018| [78304] Eudora WorldMail imapd SEH LIST Command Parsing Remote Overflow
14019| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
14020| [75445] Cyrus IMAP Server imapd index.c index_get_ids Function References Header NULL Dereference Remote DoS
14021| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
14022| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
14023| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
14024| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
14025| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
14026| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
14027| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
14028| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
14029| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
14030| [66113] Dovecot Mail Root Directory Creation Permission Weakness
14031| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
14032| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
14033| [66110] Dovecot Multiple Unspecified Buffer Overflows
14034| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
14035| [64783] Dovecot E-mail Message Header Unspecified DoS
14036| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
14037| [62796] Dovecot mbox Format Email Header Handling DoS
14038| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
14039| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
14040| [57843] Cyrus IMAP Server (cyrus-imapd) SIEVE Script Component (sieve/script.c) Crafted Script Handling Overflow
14041| [57681] UoW imap Server (uw-imapd) Arbitrary Remote File Access
14042| [52906] UW-imapd c-client Initial Request Remote Format String
14043| [52905] UW-imapd c-client Library RFC822BUFFER Routines rfc822_output_char Function Off-by-one
14044| [52456] UW-imapd on Debian Linux LOGIN Command Remote DoS
14045| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
14046| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
14047| [49485] UW-imapd dmail Utility Mailbox Name Handling Overflow
14048| [49484] UW-imapd tmail Utility Mailbox Name Handling Overflow
14049| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
14050| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
14051| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
14052| [43137] Dovecot mail_extra_groups Symlink File Manipulation
14053| [42979] Dovecot passdbs Argument Injection Authentication Bypass
14054| [42004] Perdition Mail Retrieval Proxy IMAPD IMAP Tag Remote Format String Arbitrary Code Execution
14055| [39876] Dovecot LDAP Auth Cache Security Bypass
14056| [39670] Mercury Mail Transport System IMAPD SEARCH Command Remote Overflow
14057| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
14058| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
14059| [31362] Novell NetMail IMAP Daemon (IMAPD) APPEND Command Remote Overflow
14060| [31361] Novell NetMail IMAP Daemon (IMAPD) APPEND Command DoS
14061| [31360] Novell NetMail IMAP Daemon (IMAPD) SUBSCRIBE Command Remote Overflow
14062| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
14063| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
14064| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
14065| [23281] Dovecot imap/pop3-login dovecot-auth DoS
14066| [23280] Dovecot Malformed APPEND Command DoS
14067| [18179] HP Tru64 UNIX imapd NLSPATH Environment Variable Local Overflow
14068| [13242] UW-imapd CRAM-MD5 Authentication Bypass
14069| [12385] Novell NetMail IMAPD 101_mEna Script Remote Overflow
14070| [12042] UoW imapd Multiple Unspecified Overflows
14071| [12037] UoW imapd (UW-IMAP) Multiple Command Remote Overflows
14072| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
14073| [911] UoW imapd AUTHENTICATE Command Remote Overflow
14074| [790] UoW imap Server (uw-imapd) BODY Request Remote Overflow
14075| [519] UoW imapd SIGABRT Signal Forced Crash Information Disclosure
14076|_
443/tcp open ssl/http Apache httpd
14078|_http-server-header: Apache
14079| vulscan: VulDB - https://vuldb.com:
14080| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
14081| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
14082| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
14083| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
14084| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
14085| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
14086| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
14087| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
14088| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
14089| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
14090| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
14091| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
14092| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
14093| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
14094| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
14095| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
14096| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
14097| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
14098| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
14099| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
14100| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
14101| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
14102| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
14103| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
14104| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
14105| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
14106| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
14107| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
14108| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
14109| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
14110| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
14111| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
14112| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
14113| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
14114| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
14115| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
14116| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
14117| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
14118| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
14119| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
14120| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
14121| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
14122| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
14123| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
14124| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
14125| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
14126| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
14127| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
14128| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
14129| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
14130| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
14131| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
14132| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
14133| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
14134| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
14135| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
14136| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
14137| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
14138| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
14139| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
14140| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
14141| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
14142| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
14143| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
14144| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
14145| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
14146| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
14147| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
14148| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
14149| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
14150| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
14151| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
14152| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
14153| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
14154| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
14155| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
14156| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
14157| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
14158| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
14159| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
14160| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
14161| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
14162| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
14163| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
14164| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
14165| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
14166| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
14167| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
14168| [136370] Apache Fineract up to 1.2.x sql injection
14169| [136369] Apache Fineract up to 1.2.x sql injection
14170| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
14171| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
14172| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
14173| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
14174| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
14175| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
14176| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
14177| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
14178| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
14179| [134416] Apache Sanselan 0.97-incubator Loop denial of service
14180| [134415] Apache Sanselan 0.97-incubator Hang denial of service
14181| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
14182| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
14183| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
14184| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
14185| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
14186| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
14187| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
14188| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
14189| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
14190| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
14191| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
14192| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
14193| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
14194| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
14195| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
14196| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
14197| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
14198| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
14199| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
14200| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
14201| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
14202| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
14203| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
14204| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
14205| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
14206| [131859] Apache Hadoop up to 2.9.1 privilege escalation
14207| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
14208| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
14209| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
14210| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
14211| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
14212| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
14213| [130629] Apache Guacamole Cookie Flag weak encryption
14214| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
14215| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
14216| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
14217| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
14218| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
14219| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
14220| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
14221| [130123] Apache Airflow up to 1.8.2 information disclosure
14222| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
14223| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
14224| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
14225| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
14226| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
14227| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
14228| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
14229| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
14230| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
14231| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
14232| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
14233| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
14234| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
14235| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
14236| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
14237| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
14238| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
14239| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
14240| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
14241| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
14242| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
14243| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
14244| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
14245| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
14246| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
14247| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
14248| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
14249| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
14250| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
14251| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
14252| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
14253| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
14254| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
14255| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
14256| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
14257| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
14258| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
14259| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
| [127007] Apache Spark Request Code Execution
| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
| [126346] Apache Tomcat Path privilege escalation
| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
14668| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
14669| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
14670| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
14671| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
14672| [99937] Apache Batik up to 1.8 privilege escalation
14673| [99936] Apache FOP up to 2.1 privilege escalation
14674| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
14675| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
14676| [99930] Apache Traffic Server up to 6.2.0 denial of service
14677| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
14678| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
14679| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
14680| [117569] Apache Hadoop up to 2.7.3 privilege escalation
14681| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
14682| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
14683| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
14684| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
14685| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
14686| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
14687| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
14688| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
14689| [99014] Apache Camel Jackson/JacksonXML privilege escalation
14690| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
14691| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
14692| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
14693| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
14694| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
14695| [98605] Apple macOS up to 10.12.3 Apache denial of service
14696| [98604] Apple macOS up to 10.12.3 Apache denial of service
14697| [98603] Apple macOS up to 10.12.3 Apache denial of service
14698| [98602] Apple macOS up to 10.12.3 Apache denial of service
14699| [98601] Apple macOS up to 10.12.3 Apache denial of service
14700| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
14701| [98405] Apache Hadoop up to 0.23.10 privilege escalation
14702| [98199] Apache Camel Validation XML External Entity
14703| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
14704| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
14705| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
14706| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
14707| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
14708| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
14709| [97081] Apache Tomcat HTTPS Request denial of service
14710| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
14711| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
14712| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
14713| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
14714| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
14715| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
14716| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
14717| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
14718| [95311] Apache Storm UI Daemon privilege escalation
14719| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
14720| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
14721| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
14722| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
14723| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
14724| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
14725| [94540] Apache Tika 1.9 tika-server File information disclosure
14726| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
14727| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
14728| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
14729| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
14730| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
14731| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
14732| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
14733| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
14734| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
14735| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
14736| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
14737| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
14738| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
14739| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
14740| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
14741| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
14742| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
14743| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
14744| [93532] Apache Commons Collections Library Java privilege escalation
14745| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
14746| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
14747| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
14748| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
14749| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
14750| [93098] Apache Commons FileUpload privilege escalation
14751| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
14752| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
14753| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
14754| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
14755| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
14756| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
14757| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
14758| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
14759| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
14760| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
14761| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
14762| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
14763| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
14764| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
14765| [92549] Apache Tomcat on Red Hat privilege escalation
14766| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
14767| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
14768| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
14769| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
14770| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
14771| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
14772| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
14773| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
14774| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
14775| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
14776| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
14777| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
14778| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
14779| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
14780| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
14781| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
14782| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
14783| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
14784| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
14785| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
14786| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
14787| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
14788| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
14789| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
14790| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
14791| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
14792| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
14793| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
14794| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
14795| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
14796| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
14797| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
14798| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
14799| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
14800| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
14801| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
14802| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
14803| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
14804| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
14805| [90263] Apache Archiva Header denial of service
14806| [90262] Apache Archiva Deserialize privilege escalation
14807| [90261] Apache Archiva XML DTD Connection privilege escalation
14808| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
14809| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
14810| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
14811| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
14812| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
14813| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
14814| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
14815| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
14816| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
14817| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
14818| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
14819| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
14820| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
14821| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
14822| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
14823| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
14824| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
14825| [87765] Apache James Server 2.3.2 Command privilege escalation
14826| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
14827| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
14828| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
14829| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
14830| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
14831| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
14832| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
14833| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
14834| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
14835| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
14836| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
14837| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
14838| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
14839| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
14840| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
14841| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
14842| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
14843| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
14844| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
14845| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
14846| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
14847| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
14848| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
14849| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
14850| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
14851| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
14852| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
14853| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
14854| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
14855| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
14856| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
14857| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
14858| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
14859| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
14860| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
14861| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
14862| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
14863| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
14864| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
14865| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
14866| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
14867| [82076] Apache Ranger up to 0.5.1 privilege escalation
14868| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
14869| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
14870| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
14871| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
14872| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
14873| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
14874| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
14875| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
14876| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
14877| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
14878| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
14879| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
14880| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
14881| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
14882| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
14883| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
14884| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
14885| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
14886| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
14887| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
14888| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
14889| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
14890| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
14891| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
14892| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
14893| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
14894| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
14895| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
14896| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
14897| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
14898| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
14899| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
14900| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
14901| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
14902| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
14903| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
14904| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
14905| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
14906| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
14907| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
14908| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
14909| [79791] Cisco Products Apache Commons Collections Library privilege escalation
14910| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
14911| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
14912| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
14913| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
14914| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
14915| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
14916| [78989] Apache Ambari up to 2.1.1 Open Redirect
14917| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
14918| [78987] Apache Ambari up to 2.0.x cross site scripting
14919| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
14920| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
14921| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
14922| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
14923| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
14924| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
14925| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
14926| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
14927| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
14928| [77406] Apache Flex BlazeDS AMF Message XML External Entity
14929| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
14930| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
14931| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
14932| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
14933| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
14934| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
14935| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
14936| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
14937| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
14938| [76567] Apache Struts 2.3.20 unknown vulnerability
14939| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
14940| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
14941| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
14942| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
14943| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
14944| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
14945| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
14946| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
14947| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
14948| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
14949| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
14950| [74793] Apache Tomcat File Upload denial of service
14951| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
14952| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
14953| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
14954| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
14955| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
14956| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
14957| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
14958| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
14959| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
14960| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
14961| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
14962| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
14963| [74468] Apache Batik up to 1.6 denial of service
14964| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
14965| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
14966| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
14967| [74174] Apache WSS4J up to 2.0.0 privilege escalation
14968| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
14969| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
14970| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
14971| [73731] Apache XML Security unknown vulnerability
14972| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
14973| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
14974| [73593] Apache Traffic Server up to 5.1.0 denial of service
14975| [73511] Apache POI up to 3.10 Deadlock denial of service
14976| [73510] Apache Solr up to 4.3.0 cross site scripting
14977| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
14978| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
14979| [73173] Apache CloudStack Stack-Based unknown vulnerability
14980| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
14981| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
14982| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
14983| [72890] Apache Qpid 0.30 unknown vulnerability
14984| [72887] Apache Hive 0.13.0 File Permission privilege escalation
14985| [72878] Apache Cordova 3.5.0 cross site request forgery
14986| [72877] Apache Cordova 3.5.0 cross site request forgery
14987| [72876] Apache Cordova 3.5.0 cross site request forgery
14988| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
14989| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
14990| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
14991| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
14992| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
14993| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
14994| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
14995| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
14996| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
14997| [71629] Apache Axis2/C spoofing
14998| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
14999| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
15000| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
15001| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
15002| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
15003| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
15004| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
15005| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
15006| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
15007| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
15008| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
15009| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
15010| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
15011| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
15012| [70809] Apache POI up to 3.11 Crash denial of service
15013| [70808] Apache POI up to 3.10 unknown vulnerability
15014| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
15015| [70749] Apache Axis up to 1.4 getCN spoofing
15016| [70701] Apache Traffic Server up to 3.3.5 denial of service
15017| [70700] Apache OFBiz up to 12.04.03 cross site scripting
15018| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
15019| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
15020| [70661] Apache Subversion up to 1.6.17 denial of service
15021| [70660] Apache Subversion up to 1.6.17 spoofing
15022| [70659] Apache Subversion up to 1.6.17 spoofing
15023| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
15024| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
15025| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
15026| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
15027| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
15028| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
15029| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
15030| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
15031| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
15032| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
15033| [69846] Apache HBase up to 0.94.8 information disclosure
15034| [69783] Apache CouchDB up to 1.2.0 memory corruption
15035| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
15036| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
15037| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
15038| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
15039| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
15040| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
15041| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
15042| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
15043| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
15044| [69431] Apache Archiva up to 1.3.6 cross site scripting
15045| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
15046| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
15047| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
15048| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
15049| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
15050| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
15051| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
15052| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
15053| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
15054| [66739] Apache Camel up to 2.12.2 unknown vulnerability
15055| [66738] Apache Camel up to 2.12.2 unknown vulnerability
15056| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
15057| [66695] Apache CouchDB up to 1.2.0 cross site scripting
15058| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
15059| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
15060| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
15061| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
15062| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
15063| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
15064| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
15065| [66356] Apache Wicket up to 6.8.0 information disclosure
15066| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
15067| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
15068| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
15069| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
15070| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
15071| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
15072| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
15073| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
15074| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
15075| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
15076| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
15077| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
15078| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
15079| [65668] Apache Solr 4.0.0 Updater denial of service
15080| [65665] Apache Solr up to 4.3.0 denial of service
15081| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
15082| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
15083| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
15084| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
15085| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
15086| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
15087| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
15088| [65410] Apache Struts 2.3.15.3 cross site scripting
15089| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
15090| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
15091| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
15092| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
15093| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
15094| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
15095| [65340] Apache Shindig 2.5.0 information disclosure
15096| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
15097| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
15098| [10826] Apache Struts 2 File privilege escalation
15099| [65204] Apache Camel up to 2.10.1 unknown vulnerability
15100| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
15101| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
15102| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
15103| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
15104| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
15105| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
15106| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
15107| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
15108| [64722] Apache XML Security for C++ Heap-based memory corruption
15109| [64719] Apache XML Security for C++ Heap-based memory corruption
15110| [64718] Apache XML Security for C++ verify denial of service
15111| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
15112| [64716] Apache XML Security for C++ spoofing
15113| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
15114| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
15115| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
15116| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
15117| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
15118| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
15119| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
15120| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
15121| [64485] Apache Struts up to 2.2.3.0 privilege escalation
15122| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
15123| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
15124| [64467] Apache Geronimo 3.0 memory corruption
15125| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
15126| [64457] Apache Struts up to 2.2.3.0 cross site scripting
15127| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
15128| [9184] Apache Qpid up to 0.20 SSL misconfiguration
15129| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
15130| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
15131| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
15132| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
15133| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
15134| [8873] Apache Struts 2.3.14 privilege escalation
15135| [8872] Apache Struts 2.3.14 privilege escalation
15136| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
15137| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
15138| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
15139| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
15140| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
15141| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
15142| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
15143| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
15144| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
15145| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
15146| [64006] Apache ActiveMQ up to 5.7.0 denial of service
15147| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
15148| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
15149| [8427] Apache Tomcat Session Transaction weak authentication
15150| [63960] Apache Maven 3.0.4 Default Configuration spoofing
15151| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
15152| [63750] Apache qpid up to 0.20 checkAvailable denial of service
15153| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
15154| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
15155| [63747] Apache Rave up to 0.20 User Account information disclosure
15156| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
15157| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
15158| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
15159| [7687] Apache CXF up to 2.7.2 Token weak authentication
15160| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
15161| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
15162| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
15163| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
15164| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
15165| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
15166| [63090] Apache Tomcat up to 4.1.24 denial of service
15167| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
15168| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
15169| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
15170| [62833] Apache CXF -/2.6.0 spoofing
15171| [62832] Apache Axis2 up to 1.6.2 spoofing
15172| [62831] Apache Axis up to 1.4 Java Message Service spoofing
15173| [62830] Apache Commons-httpclient 3.0 Payments spoofing
15174| [62826] Apache Libcloud up to 0.11.0 spoofing
15175| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
15176| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
15177| [62661] Apache Axis2 unknown vulnerability
15178| [62658] Apache Axis2 unknown vulnerability
15179| [62467] Apache Qpid up to 0.17 denial of service
15180| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
15181| [6301] Apache HTTP Server mod_pagespeed cross site scripting
15182| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
15183| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
15184| [62035] Apache Struts up to 2.3.4 denial of service
15185| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
15186| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
15187| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
15188| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
15189| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
15190| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
15191| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
15192| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
15193| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
15194| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
15195| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
15196| [61229] Apache Sling up to 2.1.1 denial of service
15197| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
15198| [61094] Apache Roller up to 5.0 cross site scripting
15199| [61093] Apache Roller up to 5.0 cross site request forgery
15200| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
15201| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
15202| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
15203| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
15204| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
15205| [60708] Apache Qpid 0.12 unknown vulnerability
15206| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
15207| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
15208| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
15209| [4882] Apache Wicket up to 1.5.4 directory traversal
15210| [4881] Apache Wicket up to 1.4.19 cross site scripting
15211| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
15212| [60352] Apache Struts up to 2.2.3 memory corruption
15213| [60153] Apache Portable Runtime up to 1.4.3 denial of service
15214| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
15215| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
15216| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
15217| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
15218| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
15219| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
15220| [4571] Apache Struts up to 2.3.1.2 privilege escalation
15221| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
15222| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
15223| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
15224| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
15225| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
15226| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
15227| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
15228| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
15229| [59888] Apache Tomcat up to 6.0.6 denial of service
15230| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
15231| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
15232| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
15233| [59850] Apache Geronimo up to 2.2.1 denial of service
15234| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
15235| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
15236| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
15237| [58413] Apache Tomcat up to 6.0.10 spoofing
15238| [58381] Apache Wicket up to 1.4.17 cross site scripting
15239| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
15240| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
15241| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
15242| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
15243| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
15244| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
15245| [57568] Apache Archiva up to 1.3.4 cross site scripting
15246| [57567] Apache Archiva up to 1.3.4 cross site request forgery
15247| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
15248| [4355] Apache HTTP Server APR apr_fnmatch denial of service
15249| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
15250| [57425] Apache Struts up to 2.2.1.1 cross site scripting
15251| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
15252| [57025] Apache Tomcat up to 7.0.11 information disclosure
15253| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
15254| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
15255| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
15256| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
15257| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
15258| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
15259| [56512] Apache Continuum up to 1.4.0 cross site scripting
15260| [4285] Apache Tomcat 5.x JVM getLocale denial of service
15261| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
15262| [4283] Apache Tomcat 5.x ServletContect privilege escalation
15263| [56441] Apache Tomcat up to 7.0.6 denial of service
15264| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
15265| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
15266| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
15267| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
15268| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
15269| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
15270| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
15271| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
15272| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
15273| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
15274| [54693] Apache Traffic Server DNS Cache unknown vulnerability
15275| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
15276| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
15277| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
15278| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
15279| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
15280| [54012] Apache Tomcat up to 6.0.10 denial of service
15281| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
15282| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
15283| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
15284| [52894] Apache Tomcat up to 6.0.7 information disclosure
15285| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
15286| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
15287| [52786] Apache Open For Business Project up to 09.04 cross site scripting
15288| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
15289| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
15290| [52584] Apache CouchDB up to 0.10.1 information disclosure
15291| [51757] Apache HTTP Server 2.0.44 cross site scripting
15292| [51756] Apache HTTP Server 2.0.44 spoofing
15293| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
15294| [51690] Apache Tomcat up to 6.0 directory traversal
15295| [51689] Apache Tomcat up to 6.0 information disclosure
15296| [51688] Apache Tomcat up to 6.0 directory traversal
15297| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
15298| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
15299| [50626] Apache Solr 1.0.0 cross site scripting
15300| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
15301| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
15302| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
15303| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
15304| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
15305| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
15306| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
15307| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
15308| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
15309| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
15310| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
15311| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
15312| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
15313| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
15314| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
15315| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
15316| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
15317| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
15318| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
15319| [47214] Apachefriends xampp 1.6.8 spoofing
15320| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
15321| [47162] Apachefriends XAMPP 1.4.4 weak authentication
15322| [47065] Apache Tomcat 4.1.23 cross site scripting
15323| [46834] Apache Tomcat up to 5.5.20 cross site scripting
15324| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
15325| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
15326| [86625] Apache Struts directory traversal
15327| [44461] Apache Tomcat up to 5.5.0 information disclosure
15328| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
15329| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
15330| [43663] Apache Tomcat up to 6.0.16 directory traversal
15331| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
15332| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
15333| [43516] Apache Tomcat up to 4.1.20 directory traversal
15334| [43509] Apache Tomcat up to 6.0.13 cross site scripting
15335| [42637] Apache Tomcat up to 6.0.16 cross site scripting
15336| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
15337| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
15338| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
15339| [40924] Apache Tomcat up to 6.0.15 information disclosure
15340| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
15341| [40922] Apache Tomcat up to 6.0 information disclosure
15342| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
15343| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
15344| [40656] Apache Tomcat 5.5.20 information disclosure
15345| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
15346| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
15347| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
15348| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
15349| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
15350| [40234] Apache Tomcat up to 6.0.15 directory traversal
15351| [40221] Apache HTTP Server 2.2.6 information disclosure
15352| [40027] David Castro Apache Authcas 0.4 sql injection
15353| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
15354| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
15355| [3414] Apache Tomcat WebDAV Stored privilege escalation
15356| [39489] Apache Jakarta Slide up to 2.1 directory traversal
15357| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
15358| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
15359| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
15360| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
15361| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
15362| [38524] Apache Geronimo 2.0 unknown vulnerability
15363| [3256] Apache Tomcat up to 6.0.13 cross site scripting
15364| [38331] Apache Tomcat 4.1.24 information disclosure
15365| [38330] Apache Tomcat 4.1.24 information disclosure
15366| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
15367| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
15368| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
15369| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
15370| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
15371| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
15372| [37292] Apache Tomcat up to 5.5.1 cross site scripting
15373| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
15374| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
15375| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
15376| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
15377| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
15378| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
15379| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
15380| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
15381| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
15382| [36225] XAMPP Apache Distribution 1.6.0a sql injection
15383| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
15384| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
15385| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
15386| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
15387| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
15388| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
15389| [34252] Apache HTTP Server denial of service
15390| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
15391| [33877] Apache Opentaps 0.9.3 cross site scripting
15392| [33876] Apache Open For Business Project unknown vulnerability
15393| [33875] Apache Open For Business Project cross site scripting
15394| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
15395| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
15396|
15397| MITRE CVE - https://cve.mitre.org:
15398| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
15519| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
15520| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
15521| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
15522| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
15523| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
15524| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
15525| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
15526| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
15527| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
15528| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
15529| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
15530| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
15531| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
15532| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
15533| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
15534| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
15535| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
15536| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
15537| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
15538| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
15539| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
15540| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
15541| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
15542| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
15543| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
15544| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
15545| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
15546| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
15547| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
15548| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
15549| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
15550| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
15551| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
15552| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
15553| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
15554| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
15555| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
15556| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
15557| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
15558| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
15559| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
15560| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
15561| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
15562| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
15563| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
15564| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
15565| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
15566| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
15567| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
15568| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
15569| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
15570| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
15571| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
15572| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
15573| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
15574| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
15575| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
15576| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
15577| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
15578| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
15579| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
15580| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
15581| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
15582| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
15583| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
15584| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
15585| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
15586| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
15587| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
15588| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
15589| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
15590| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
15591| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
15592| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
15593| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
15594| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
15595| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
15596| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
15597| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
15598| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
15599| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
15600| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
15601| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
15602| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
15603| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
15604| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
15605| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
15606| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
15607| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
15608| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
15609| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
15610| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
15611| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
15612| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
15613| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
15614| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
15615| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
15616| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
15617| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
15618| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
15619| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
15620| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
15621| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
15622| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
15623| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
15624| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
15625| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
15626| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
15627| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
15628| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
15629| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
15630| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
15631| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
15632| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
15633| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
15634| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
15635| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
15636| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
15637| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
15638| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
15639| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
15640| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
15641| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
15642| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
15643| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
15644| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
15645| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
15646| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
15647| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
15648| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
15649| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
15650| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
15651| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
15652| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
15653| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
15654| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
15655| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
15656| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
15657| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
15658| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
15659| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
15660| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
15661| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
15662| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
15663| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
15664| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
15665| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
15666| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
15667| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
15668| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
15669| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
15670| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
15671| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
15672| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
15673| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
15674| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
15675| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
15676| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
15677| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
15678| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
15679| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
15680| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
15681| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
15682| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
15683| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
15684| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
15685| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
15686| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
15687| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
15688| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
15689| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
15690| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
15691| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
15692| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
15693| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
15694| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
15695| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
15696| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
15697| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
15698| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
15699| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
15700| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
15701| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
15702| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
15703| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
15704| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
15705| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
15706| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
15707| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
15708| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
15709| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
15710| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
15711| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
15712| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
15713| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
15714| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
15715| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
15716| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
15717| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
15718| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
15719| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
15720| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
15721| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
15722| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
15723| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
15724| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
15725| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
15726| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
15727| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
15728| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
15729| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
15730| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
15731| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
15732| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
15733| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
15734| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
15735| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
15736| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
15737| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
15738| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
15739| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
15740| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
15741| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
15742| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
15743| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
15744| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
15745| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
15746| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
15747| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
15748| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
15749| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
15750| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
15751| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
15752| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
15753| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
15754| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
15755| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
15756| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
15757| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
15758| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
15759| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
15760| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
15761| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
15762| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
15763| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
15764| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
15765| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
15766| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
15767| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
15768| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
15769| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
15770| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
15771| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
15772| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
15773| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
15774| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
15775| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
15776| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
15777| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
15778| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
15779| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
15780| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
15781| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
15782| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
15783| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
15784| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
15785| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
15786| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
15787| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
15788| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
15789| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
15790| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
15791| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
15792| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
15793| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
15794| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
15795| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
15796| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
15797| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
15798| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
15799| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
15800| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
15801| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
15802| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
15803| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
15804| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
15805| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
15806| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
15807| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
15808| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
15809| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
15810| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
15811| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
15812| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
15813| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
15814| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
15815| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
15816| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
15817| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
15818| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
15819| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
15820| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
15821| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
15822| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
15823| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
15824| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
15825| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
15826| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
15827| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
15828| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
15829| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
15830| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
15831| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
15832| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
15833| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
15834| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
15835| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
15836| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
15837| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
15838| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
15839| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
15840| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
15841| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
15842| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
15843| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
15844| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
15845| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
15846| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
15847| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
15848| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
15849| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
15850| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
15851| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
15852| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
15853| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
15854| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
15855| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
15856| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
15857| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
15858| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
15859| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
15860| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
15861| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
15862| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
15863| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
15864| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
15865| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
15866| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
15867| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
15868| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
15869| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
15870| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
15871| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
15872| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
15873| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
15874| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
15875| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
15876| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
15877| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
15878| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
15879| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
15880| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
15881| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
15882| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
15883| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
15884| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
15885| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
15886| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
15887| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
15888| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
15889| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
15890| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
15891| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
15892| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
15893| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
15894| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
15895| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
15896| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
15897| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
15898| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
15899| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
15900| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
15901| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
15902| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
15903| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
15904| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
15905| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
15906| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
15907| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
15908| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
15909| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
15910| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
15911| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
15912| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
15913| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
15914| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
15915| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
15916| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
15917| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
15918| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
15919| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
15920| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
15921| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
15922| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
15923| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
15924| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
15925| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
15926| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
15927| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
15928| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
15929| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
15930| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
15931| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
15932| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
15933| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
15934| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
15935| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
15936| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
15937| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
15938| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
15939| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
15940| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
15941| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
15942| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
15943| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
15944| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
15945| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
15946| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
15947| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
15948| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
15949| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
15950| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
15951| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
15952| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
15953| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
15954| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
15955| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
15956| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
15957| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
15958| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
15959| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
15960| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
15961| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
15962| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
15963| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
15964| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
15965| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
15966| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
15967| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
15968| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
15969| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
15970| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
15971| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
15972| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
15973| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
15974| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
15975| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
15976| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
15977| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
15978| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
15979| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
15980| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
15981| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
15982| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
15983| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
15984| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
15985| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
15986| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
15987| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
15988| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
15989| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
15990| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
15991| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
15992| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
15993| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
15994| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
15995| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
15996| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
15997| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
15998| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
15999| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
16000| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
16001| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
16002| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
16003| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
16004| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
16005| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
16006| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
16007|
16008| SecurityFocus - https://www.securityfocus.com/bid/:
16009| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
16010| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
16011| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
16012| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
16013| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
16014| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
16015| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
16016| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
16017| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
16018| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
16019| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
16020| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
16021| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
16022| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
16023| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
16024| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
16025| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
16026| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
16027| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
16028| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
16463| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
16464| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
16465| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
16466| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
16467| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
16468| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
16469| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
16470| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
16471| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
16472| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
16473| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
16474| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
16475| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
16476| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
16477| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
16478| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
16479| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
16480| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
16481| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
16482| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
16483| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
16484| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
16485| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
16486| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
16836| [15177] PHP Apache 2 Local Denial of Service Vulnerability
16837| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
16838| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
16839| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
16840| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
16841| [14106] Apache HTTP Request Smuggling Vulnerability
16842| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
16843| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
16844| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
16845| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
16846| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
16847| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
16848| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
16849| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
16850| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
16851| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
16852| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
16853| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
16854| [11471] Apache mod_include Local Buffer Overflow Vulnerability
16855| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
16856| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
16857| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
16858| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
16859| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
16860| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
16861| [11094] Apache mod_ssl Denial Of Service Vulnerability
16862| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
16863| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
16864| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
16865| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
16866| [10478] ClueCentral Apache Suexec Patch Security Weakness
16867| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
16868| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
16869| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
16870| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
16871| [9921] Apache Connection Blocking Denial Of Service Vulnerability
16872| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
16873| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
16874| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
16875| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
16876| [9733] Apache Cygwin Directory Traversal Vulnerability
16877| [9599] Apache mod_php Global Variables Information Disclosure Weakness
16878| [9590] Apache-SSL Client Certificate Forging Vulnerability
16879| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
16880| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
16881| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
16882| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
16883| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
16884| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
16885| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
17308| [42915] Apache Tomcat JSP files path disclosure
17309| [42914] Apache Tomcat MS-DOS path disclosure
17310| [42892] Apache Tomcat unspecified unauthorized access
17311| [42816] Apache Tomcat Host Manager cross-site scripting
17312| [42303] Apache 403 error cross-site scripting
17313| [41618] Apache-SSL ExpandCert() authentication bypass
17314| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
17315| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
17316| [40614] Apache mod_jk2 HTTP Host header buffer overflow
17317| [40562] Apache Geronimo init information disclosure
17318| [40478] Novell Web Manager webadmin-apache.conf security bypass
17319| [40411] Apache Tomcat exception handling information disclosure
17320| [40409] Apache Tomcat native (APR based) connector weak security
17321| [40403] Apache Tomcat quotes and %5C cookie information disclosure
17322| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
17323| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
17324| [39867] Apache HTTP Server mod_negotiation cross-site scripting
17325| [39804] Apache Tomcat SingleSignOn information disclosure
17326| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
17327| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
17328| [39608] Apache HTTP Server balancer manager cross-site request forgery
17329| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
17330| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
17331| [39472] Apache HTTP Server mod_status cross-site scripting
17332| [39201] Apache Tomcat JULI logging weak security
17333| [39158] Apache HTTP Server Windows SMB shares information disclosure
17334| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
17335| [38951] Apache::AuthCAS Perl module cookie SQL injection
17336| [38800] Apache HTTP Server 413 error page cross-site scripting
17337| [38211] Apache Geronimo SQLLoginModule authentication bypass
17338| [37243] Apache Tomcat WebDAV directory traversal
17339| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
17340| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
17341| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
17342| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
17343| [36782] Apache Geronimo MEJB unauthorized access
17344| [36586] Apache HTTP Server UTF-7 cross-site scripting
17345| [36468] Apache Geronimo LoginModule security bypass
17346| [36467] Apache Tomcat functions.jsp cross-site scripting
17347| [36402] Apache Tomcat calendar cross-site request forgery
17348| [36354] Apache HTTP Server mod_proxy module denial of service
17349| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
17350| [36336] Apache Derby lock table privilege escalation
17351| [36335] Apache Derby schema privilege escalation
17352| [36006] Apache Tomcat "
17353| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
17354| [35999] Apache Tomcat \"
17355| [35795] Apache Tomcat CookieExample cross-site scripting
17356| [35536] Apache Tomcat SendMailServlet example cross-site scripting
17357| [35384] Apache HTTP Server mod_cache module denial of service
17358| [35097] Apache HTTP Server mod_status module cross-site scripting
17359| [35095] Apache HTTP Server Prefork MPM module denial of service
17360| [34984] Apache HTTP Server recall_headers information disclosure
17361| [34966] Apache HTTP Server MPM content spoofing
17362| [34965] Apache HTTP Server MPM information disclosure
17363| [34963] Apache HTTP Server MPM multiple denial of service
17364| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
17365| [34869] Apache Tomcat JSP example Web application cross-site scripting
17366| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
17367| [34496] Apache Tomcat JK Connector security bypass
17368| [34377] Apache Tomcat hello.jsp cross-site scripting
17369| [34212] Apache Tomcat SSL configuration security bypass
17370| [34210] Apache Tomcat Accept-Language cross-site scripting
17371| [34209] Apache Tomcat calendar application cross-site scripting
17372| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
17373| [34167] Apache Axis WSDL file path disclosure
17374| [34068] Apache Tomcat AJP connector information disclosure
17375| [33584] Apache HTTP Server suEXEC privilege escalation
17376| [32988] Apache Tomcat proxy module directory traversal
17377| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
17378| [32708] Debian Apache tty privilege escalation
17379| [32441] ApacheStats extract() PHP call unspecified
17380| [32128] Apache Tomcat default account
17381| [31680] Apache Tomcat RequestParamExample cross-site scripting
17382| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
17383| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
17384| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
17385| [30456] Apache mod_auth_kerb off-by-one buffer overflow
17386| [29550] Apache mod_tcl set_var() format string
17387| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
17388| [28357] Apache HTTP Server mod_alias script source information disclosure
17389| [28063] Apache mod_rewrite off-by-one buffer overflow
17390| [27902] Apache Tomcat URL information disclosure
17391| [26786] Apache James SMTP server denial of service
17392| [25680] libapache2 /tmp/svn file upload
17393| [25614] Apache Struts lookupMap cross-site scripting
17394| [25613] Apache Struts ActionForm denial of service
17395| [25612] Apache Struts isCancelled() security bypass
17396| [24965] Apache mod_python FileSession command execution
17397| [24716] Apache James spooler memory leak denial of service
17398| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
17399| [24158] Apache Geronimo jsp-examples cross-site scripting
17400| [24030] Apache auth_ldap module multiple format strings
17401| [24008] Apache mod_ssl custom error message denial of service
17402| [24003] Apache mod_auth_pgsql module multiple syslog format strings
17403| [23612] Apache mod_imap referer field cross-site scripting
17404| [23173] Apache Struts error message cross-site scripting
17405| [22942] Apache Tomcat directory listing denial of service
17406| [22858] Apache Multi-Processing Module code allows denial of service
17407| [22602] RHSA-2005:582 updates for Apache httpd not installed
17408| [22520] Apache mod-auth-shadow "
17409| [22466] ApacheTop symlink
17410| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
17411| [22006] Apache HTTP Server byte-range filter denial of service
17412| [21567] Apache mod_ssl off-by-one buffer overflow
17413| [21195] Apache HTTP Server header HTTP request smuggling
17414| [20383] Apache HTTP Server htdigest buffer overflow
17415| [19681] Apache Tomcat AJP12 request denial of service
17416| [18993] Apache HTTP server check_forensic symlink attack
17417| [18790] Apache Tomcat Manager cross-site scripting
17418| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
17419| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
17420| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
17421| [17961] Apache Web server ServerTokens has not been set
17422| [17930] Apache HTTP Server HTTP GET request denial of service
17423| [17785] Apache mod_include module buffer overflow
17424| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
17425| [17473] Apache HTTP Server Satisfy directive allows access to resources
17426| [17413] Apache htpasswd buffer overflow
17427| [17384] Apache HTTP Server environment variable configuration file buffer overflow
17428| [17382] Apache HTTP Server IPv6 apr_util denial of service
17429| [17366] Apache HTTP Server mod_dav module LOCK denial of service
17430| [17273] Apache HTTP Server speculative mode denial of service
17431| [17200] Apache HTTP Server mod_ssl denial of service
17432| [16890] Apache HTTP Server server-info request has been detected
17433| [16889] Apache HTTP Server server-status request has been detected
17434| [16705] Apache mod_ssl format string attack
17435| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
17436| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
17437| [16230] Apache HTTP Server PHP denial of service
17438| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
17439| [15958] Apache HTTP Server authentication modules memory corruption
17440| [15547] Apache HTTP Server mod_disk_cache local information disclosure
17441| [15540] Apache HTTP Server socket starvation denial of service
17442| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
17443| [15422] Apache HTTP Server mod_access information disclosure
17444| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
17445| [15293] Apache for Cygwin "
17446| [15065] Apache-SSL has a default password
17447| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
17448| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
17449| [14751] Apache Mod_python output filter information disclosure
17450| [14125] Apache HTTP Server mod_userdir module information disclosure
17451| [14075] Apache HTTP Server mod_php file descriptor leak
17452| [13703] Apache HTTP Server account
17453| [13689] Apache HTTP Server configuration allows symlinks
17454| [13688] Apache HTTP Server configuration allows SSI
17455| [13687] Apache HTTP Server Server: header value
17456| [13685] Apache HTTP Server ServerTokens value
17457| [13684] Apache HTTP Server ServerSignature value
17458| [13672] Apache HTTP Server config allows directory autoindexing
17459| [13671] Apache HTTP Server default content
17460| [13670] Apache HTTP Server config file directive references outside content root
17461| [13668] Apache HTTP Server httpd not running in chroot environment
17462| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
17463| [13664] Apache HTTP Server config file contains ScriptAlias entry
17464| [13663] Apache HTTP Server CGI support modules loaded
17465| [13661] Apache HTTP Server config file contains AddHandler entry
17466| [13660] Apache HTTP Server 500 error page not CGI script
17467| [13659] Apache HTTP Server 413 error page not CGI script
17468| [13658] Apache HTTP Server 403 error page not CGI script
17469| [13657] Apache HTTP Server 401 error page not CGI script
17470| [13552] Apache HTTP Server mod_cgid module information disclosure
17471| [13550] Apache GET request directory traversal
17472| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
17473| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
17474| [13429] Apache Tomcat non-HTTP request denial of service
17475| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
17476| [13295] Apache weak password encryption
17477| [13254] Apache Tomcat .jsp cross-site scripting
17478| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
17479| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
17480| [12681] Apache HTTP Server mod_proxy could allow mail relaying
17481| [12662] Apache HTTP Server rotatelogs denial of service
17482| [12554] Apache Tomcat stores password in plain text
17483| [12553] Apache HTTP Server redirects and subrequests denial of service
17484| [12552] Apache HTTP Server FTP proxy server denial of service
17485| [12551] Apache HTTP Server prefork MPM denial of service
17486| [12550] Apache HTTP Server weaker than expected encryption
17487| [12549] Apache HTTP Server type-map file denial of service
17488| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
17489| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
17490| [12091] Apache HTTP Server apr_password_validate denial of service
17491| [12090] Apache HTTP Server apr_psprintf code execution
17492| [11804] Apache HTTP Server mod_access_referer denial of service
17493| [11750] Apache HTTP Server could leak sensitive file descriptors
17494| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
17495| [11703] Apache long slash path allows directory listing
17496| [11695] Apache HTTP Server LF (Line Feed) denial of service
17497| [11694] Apache HTTP Server filestat.c denial of service
17498| [11438] Apache HTTP Server MIME message boundaries information disclosure
17499| [11412] Apache HTTP Server error log terminal escape sequence injection
17500| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
17501| [11195] Apache Tomcat web.xml could be used to read files
17502| [11194] Apache Tomcat URL appended with a null character could list directories
17503| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
17504| [11126] Apache HTTP Server illegal character file disclosure
17505| [11125] Apache HTTP Server DOS device name HTTP POST code execution
17506| [11124] Apache HTTP Server DOS device name denial of service
17507| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
17508| [10938] Apache HTTP Server printenv test CGI cross-site scripting
17509| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
17510| [10575] Apache mod_php module could allow an attacker to take over the httpd process
17511| [10499] Apache HTTP Server WebDAV HTTP POST view source
17512| [10457] Apache HTTP Server mod_ssl "
17513| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
17514| [10414] Apache HTTP Server htdigest multiple buffer overflows
17515| [10413] Apache HTTP Server htdigest temporary file race condition
17516| [10412] Apache HTTP Server htpasswd temporary file race condition
17517| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
17518| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
17519| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
17520| [10280] Apache HTTP Server shared memory scorecard overwrite
17521| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
17522| [10241] Apache HTTP Server Host: header cross-site scripting
17523| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
17524| [10208] Apache HTTP Server mod_dav denial of service
17525| [10206] HP VVOS Apache mod_ssl denial of service
17526| [10200] Apache HTTP Server stderr denial of service
17527| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
17528| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
17529| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
17530| [10098] Slapper worm targets OpenSSL/Apache systems
17531| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
17532| [9875] Apache HTTP Server .var file request could disclose installation path
17533| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
17534| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
17535| [9623] Apache HTTP Server ap_log_rerror() path disclosure
17536| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
17537| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
17538| [9396] Apache Tomcat null character to threads denial of service
17539| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
17540| [9249] Apache HTTP Server chunked encoding heap buffer overflow
17541| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
17542| [8932] Apache Tomcat example class information disclosure
17543| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
17544| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
17545| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
17546| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
17547| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
17548| [8400] Apache HTTP Server mod_frontpage buffer overflows
17549| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
17550| [8308] Apache "
17551| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
17552| [8119] Apache and PHP OPTIONS request reveals "
17553| [8054] Apache is running on the system
17554| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
17555| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
17556| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
17557| [7836] Apache HTTP Server log directory denial of service
17558| [7815] Apache for Windows "
17559| [7810] Apache HTTP request could result in unexpected behavior
17560| [7599] Apache Tomcat reveals installation path
17561| [7494] Apache "
17562| [7419] Apache Web Server could allow remote attackers to overwrite .log files
17563| [7363] Apache Web Server hidden HTTP requests
17564| [7249] Apache mod_proxy denial of service
17565| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
17566| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
17567| [7059] Apache "
17568| [7057] Apache "
17569| [7056] Apache "
17570| [7055] Apache "
17571| [7054] Apache "
17572| [6997] Apache Jakarta Tomcat error message may reveal information
17573| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
17574| [6970] Apache crafted HTTP request could reveal the internal IP address
17575| [6921] Apache long slash path allows directory listing
17576| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
17577| [6527] Apache Web Server for Windows and OS2 denial of service
17578| [6316] Apache Jakarta Tomcat may reveal JSP source code
17579| [6305] Apache Jakarta Tomcat directory traversal
17580| [5926] Linux Apache symbolic link
17581| [5659] Apache Web server discloses files when used with php script
17582| [5310] Apache mod_rewrite allows attacker to view arbitrary files
17583| [5204] Apache WebDAV directory listings
17584| [5197] Apache Web server reveals CGI script source code
17585| [5160] Apache Jakarta Tomcat default installation
17586| [5099] Trustix Secure Linux installs Apache with world writable access
17587| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
17588| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
17589| [4931] Apache source.asp example file allows users to write to files
17590| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
17591| [4205] Apache Jakarta Tomcat delivers file contents
17592| [2084] Apache on Debian by default serves the /usr/doc directory
17593| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
17594| [697] Apache HTTP server beck exploit
17595| [331] Apache cookies buffer overflow
17596|
17597| Exploit-DB - https://www.exploit-db.com:
17598| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
17599| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
17600| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
17601| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
17602| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
17603| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
17604| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
17605| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
17606| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
17607| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
17608| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
17609| [29859] Apache Roller OGNL Injection
17610| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
17611| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
17612| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
17613| [29290] Apache / PHP 5.x Remote Code Execution Exploit
17614| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
17615| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
17616| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
17617| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
17618| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
17619| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
17620| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
17621| [27096] Apache Geronimo 1.0 Error Page XSS
17622| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
17623| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
17624| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
17625| [25986] Plesk Apache Zeroday Remote Exploit
17626| [25980] Apache Struts includeParams Remote Code Execution
17627| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
17628| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
17629| [24874] Apache Struts ParametersInterceptor Remote Code Execution
17630| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
17631| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
17632| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
17633| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
17634| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
17635| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
17636| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
17637| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
17638| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
17639| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
17640| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
17641| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
17642| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
17643| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
17644| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
17645| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
17646| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
17647| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
17648| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
17649| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
17650| [21719] Apache 2.0 Path Disclosure Vulnerability
17651| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
17652| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
17653| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
17654| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
17655| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
17656| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
17657| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
17658| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
17659| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
17660| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
17661| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
17662| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
17663| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
17664| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
17665| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
17666| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
17667| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
17668| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
17669| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
17670| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
17671| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
17672| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
17673| [20558] Apache 1.2 Web Server DoS Vulnerability
17674| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
17675| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
17676| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
17677| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
17678| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
17679| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
17680| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
17681| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
17682| [19231] PHP apache_request_headers Function Buffer Overflow
17683| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
17684| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
17685| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
17686| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
17687| [18442] Apache httpOnly Cookie Disclosure
17688| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
17689| [18221] Apache HTTP Server Denial of Service
17690| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
17691| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
17692| [17691] Apache Struts < 2.2.0 - Remote Command Execution
17693| [16798] Apache mod_jk 1.2.20 Buffer Overflow
17694| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
18193| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
18194| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
18195| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
18196| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
18197| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
18198| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
18199| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
18519| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
18520| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
18521| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
18522| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
18523| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
18524| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
18525| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
18526| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
18886| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
18887| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
18888| [51151] Apache Roller Search Function q Parameter XSS
18889| [50482] PHP with Apache php_value Order Unspecified Issue
18890| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
18891| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
18892| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
18893| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
18894| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
18895| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
18896| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
18897| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
18898| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
18899| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
18900| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
18901| [47096] Oracle Weblogic Apache Connector POST Request Overflow
18902| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
18903| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
18904| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
18905| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
18906| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
18907| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
18908| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
18909| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
18910| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
18911| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
18912| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
18913| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
18914| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
18915| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
18916| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
18917| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
18918| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
18919| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
18920| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
18921| [43452] Apache Tomcat HTTP Request Smuggling
18922| [43309] Apache Geronimo LoginModule Login Method Bypass
18923| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
18924| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
18925| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
18926| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
18927| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
18928| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
18929| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
18930| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
18931| [42091] Apache Maven Site Plugin Installation Permission Weakness
18932| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
18933| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
18934| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
18935| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
18936| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
18937| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
18938| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
18939| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
18940| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
18941| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
18942| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
18943| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
18944| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
18945| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
18946| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
18947| [40262] Apache HTTP Server mod_status refresh XSS
18948| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
18949| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
18950| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
18951| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
18952| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
18953| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
18954| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
18955| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
18956| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
18957| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
18958| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
18959| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
18960| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
18961| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
18962| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
18963| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
18964| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
18965| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
18966| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
18967| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
18968| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
18969| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
18970| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
18971| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
18972| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
18973| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
18974| [36080] Apache Tomcat JSP Examples Crafted URI XSS
18975| [36079] Apache Tomcat Manager Uploaded Filename XSS
18976| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
18977| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
18978| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
18979| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
18980| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
18981| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
18982| [34881] Apache Tomcat Malformed Accept-Language Header XSS
18983| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
18984| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
18985| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
18986| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
18987| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
18988| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
18989| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
18990| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
18991| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
18992| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
18993| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
18994| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
18995| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
18996| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
18997| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
18998| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
18999| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
19000| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
19001| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
19002| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
19003| [32724] Apache mod_python _filter_read Freed Memory Disclosure
19004| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
19005| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
19006| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
19007| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
19008| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
19009| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
19010| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
19011| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
19012| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
19013| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
19014| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
19015| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
19016| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
19017| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
19018| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
19019| [24365] Apache Struts Multiple Function Error Message XSS
19020| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
19021| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
19022| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
19023| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
19024| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
19025| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
19026| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
19027| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
19028| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
19029| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
19030| [22459] Apache Geronimo Error Page XSS
19031| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
19032| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
19033| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
19034| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
19035| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
19036| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
19037| [21021] Apache Struts Error Message XSS
19038| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
19039| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
19040| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
19041| [20439] Apache Tomcat Directory Listing Saturation DoS
19042| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
19043| [20285] Apache HTTP Server Log File Control Character Injection
19044| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
19045| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
19046| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
19047| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
19048| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
19049| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
19050| [19821] Apache Tomcat Malformed Post Request Information Disclosure
19051| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
19052| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
19053| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
19054| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
19055| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
19056| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
19057| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
19058| [18233] Apache HTTP Server htdigest user Variable Overfow
19059| [17738] Apache HTTP Server HTTP Request Smuggling
19060| [16586] Apache HTTP Server Win32 GET Overflow DoS
19061| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
19062| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
19063| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
19064| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
19065| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
19066| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
19067| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
19068| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
19069| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
19070| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
19071| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
19072| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
19073| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
19074| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
19075| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
19076| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
19077| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
19078| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
19079| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
19080| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
19081| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
19082| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
19083| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
19084| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
19085| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
19086| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
19087| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
19088| [13304] Apache Tomcat realPath.jsp Path Disclosure
19089| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
19090| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
19091| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
19092| [12848] Apache HTTP Server htdigest realm Variable Overflow
19093| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
19094| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
19095| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
19096| [12557] Apache HTTP Server prefork MPM accept Error DoS
19097| [12233] Apache Tomcat MS-DOS Device Name Request DoS
19098| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
19099| [12231] Apache Tomcat web.xml Arbitrary File Access
19100| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
19101| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
19102| [12178] Apache Jakarta Lucene results.jsp XSS
19103| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
19104| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
19105| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
19106| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
19107| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
19108| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
19109| [10471] Apache Xerces-C++ XML Parser DoS
19110| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
19111| [10068] Apache HTTP Server htpasswd Local Overflow
19112| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
19113| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
19114| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
19115| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
19116| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
19117| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
19118| [9717] Apache HTTP Server mod_cookies Cookie Overflow
19119| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
19120| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
19121| [9714] Apache Authentication Module Threaded MPM DoS
19122| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
19123| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
19124| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
19125| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
19126| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
19127| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
19128| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
19129| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
19130| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
19131| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
19132| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
19133| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
19134| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
19135| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
19136| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
19137| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
19138| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
19139| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
19140| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
19141| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
19142| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
19143| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
19144| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
19145| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
19146| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
19147| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
19148| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
19149| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
19150| [9208] Apache Tomcat .jsp Encoded Newline XSS
19151| [9204] Apache Tomcat ROOT Application XSS
19152| [9203] Apache Tomcat examples Application XSS
19153| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
19154| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
19155| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
19156| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
19157| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
19158| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
19159| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
19160| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
19161| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
19162| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
19163| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
19164| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
19165| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
19166| [7611] Apache HTTP Server mod_alias Local Overflow
19167| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
19168| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
19169| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
19170| [6882] Apache mod_python Malformed Query String Variant DoS
19171| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
19172| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
19173| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
19174| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
19175| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
19176| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
19177| [5526] Apache Tomcat Long .JSP URI Path Disclosure
19178| [5278] Apache Tomcat web.xml Restriction Bypass
19179| [5051] Apache Tomcat Null Character DoS
19180| [4973] Apache Tomcat servlet Mapping XSS
19181| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
19182| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
19183| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
19184| [4568] mod_survey For Apache ENV Tags SQL Injection
19185| [4553] Apache HTTP Server ApacheBench Overflow DoS
19186| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
19187| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
19188| [4383] Apache HTTP Server Socket Race Condition DoS
19189| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
19190| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
19191| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
19192| [4231] Apache Cocoon Error Page Server Path Disclosure
19193| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
19194| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
19195| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
19196| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
19197| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
19198| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
19199| [3322] mod_php for Apache HTTP Server Process Hijack
19200| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
19201| [2885] Apache mod_python Malformed Query String DoS
19202| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
19203| [2733] Apache HTTP Server mod_rewrite Local Overflow
19204| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
19205| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
19206| [2149] Apache::Gallery Privilege Escalation
19207| [2107] Apache HTTP Server mod_ssl Host: Header XSS
19208| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
19209| [1833] Apache HTTP Server Multiple Slash GET Request DoS
19210| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
19211| [872] Apache Tomcat Multiple Default Accounts
19212| [862] Apache HTTP Server SSI Error Page XSS
19213| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
19214| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
19215| [845] Apache Tomcat MSDOS Device XSS
19216| [844] Apache Tomcat Java Servlet Error Page XSS
19217| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
19218| [838] Apache HTTP Server Chunked Encoding Remote Overflow
19219| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
19220| [775] Apache mod_python Module Importing Privilege Function Execution
19221| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
19222| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
19223| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
19224| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
19225| [637] Apache HTTP Server UserDir Directive Username Enumeration
19226| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
19227| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
19228| [562] Apache HTTP Server mod_info /server-info Information Disclosure
19229| [561] Apache Web Servers mod_status /server-status Information Disclosure
19230| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
19231| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
19232| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
19233| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
19234| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
19235| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
19236| [376] Apache Tomcat contextAdmin Arbitrary File Access
19237| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
19238| [222] Apache HTTP Server test-cgi Arbitrary File Access
19239| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
19240| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
19241|_
465/tcp open ssl/smtp Exim smtpd 4.92
19243| vulscan: VulDB - https://vuldb.com:
19244| [141327] Exim up to 4.92.1 Backslash privilege escalation
19245| [138827] Exim up to 4.92 Expansion Code Execution
19246| [135932] Exim up to 4.92 privilege escalation
19247| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
19248|
19249| MITRE CVE - https://cve.mitre.org:
19250| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
19251| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
19252| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
19253| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
19254| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
19255| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
19256| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
19257| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
19258| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
19259| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
19260| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
19261| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
19262| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
19263| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
19264| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
19265| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
19266|
19267| SecurityFocus - https://www.securityfocus.com/bid/:
19268| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
19269| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
19270| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
19271| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
19272| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
19273| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
19274| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
19275| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
19276| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
19277| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
19278| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
19279| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
19280| [45308] Exim Crafted Header Remote Code Execution Vulnerability
19281| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
19282| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
19283| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
19284| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
19285| [17110] sa-exim Unauthorized File Access Vulnerability
19286| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
19287| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
19288| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
19289| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
19290| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
19291| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
19292| [6314] Exim Internet Mailer Format String Vulnerability
19293| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
19294| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
19295| [2828] Exim Format String Vulnerability
19296| [1859] Exim Buffer Overflow Vulnerability
19297|
19298| IBM X-Force - https://exchange.xforce.ibmcloud.com:
19299| [84758] Exim sender_address parameter command execution
19300| [84015] Exim command execution
19301| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
19302| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
19303| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
19304| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
19305| [67455] Exim DKIM processing code execution
19306| [67299] Exim dkim_exim_verify_finish() format string
19307| [65028] Exim open_log privilege escalation
19308| [63967] Exim config file privilege escalation
19309| [63960] Exim header buffer overflow
19310| [59043] Exim mail directory privilege escalation
19311| [59042] Exim MBX symlink
19312| [52922] ikiwiki teximg plugin information disclosure
19313| [34265] Exim spamd buffer overflow
19314| [25286] Sa-exim greylistclean.cron file deletion
19315| [22687] RHSA-2005:025 updates for exim not installed
19316| [18901] Exim dns_build_reverse buffer overflow
19317| [18764] Exim spa_base64_to_bits function buffer overflow
19318| [18763] Exim host_aton buffer overflow
19319| [16079] Exim require_verify buffer overflow
19320| [16077] Exim header_check_syntax buffer overflow
19321| [16075] Exim sender_verify buffer overflow
19322| [13067] Exim HELO or EHLO command heap overflow
19323| [10761] Exim daemon.c format string
19324| [8194] Exim configuration file -c command-line argument buffer overflow
19325| [7738] Exim allows attacker to hide commands in localhost names using pipes
19326| [6671] Exim "
19327| [1893] Exim MTA allows local users to gain root privileges
19328|
19329| Exploit-DB - https://www.exploit-db.com:
19330| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
19331| [15725] Exim 4.63 Remote Root Exploit
19332| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
19333| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
19334| [796] Exim <= 4.42 Local Root Exploit
19335| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
19336|
19337| OpenVAS (Nessus) - http://www.openvas.org:
19338| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
19339|
19340| SecurityTracker - https://www.securitytracker.com:
19341| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
19342| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
19343| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
19344| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
19345| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
19346| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
19347| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
19348| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
19349| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
19350| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
19351| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
19352| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
19353|
19354| OSVDB - http://www.osvdb.org:
19355| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
19356| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
19357| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
19358| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
19359| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
19360| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
19361| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
19362| [70696] Exim log.c open_log() Function Local Privilege Escalation
19363| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
19364| [69685] Exim string_format Function Remote Overflow
19365| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
19366| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
19367| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
19368| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
19369| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
19370| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
19371| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
19372| [12726] Exim -be Command Line Option host_aton Function Local Overflow
19373| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
19374| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
19375| [10032] libXpm CreateXImage Function Integer Overflow
19376| [7160] Exim .forward :include: Option Privilege Escalation
19377| [6479] Vexim COOKIE Authentication Credential Disclosure
19378| [6478] Vexim Multiple Parameter SQL Injection
19379| [5930] Exim Parenthesis File Name Filter Bypass
19380| [5897] Exim header_syntax Function Remote Overflow
19381| [5896] Exim sender_verify Function Remote Overflow
19382| [5530] Exim Localhost Name Arbitrary Command Execution
19383| [5330] Exim Configuration File Variable Overflow
19384| [1855] Exim Batched SMTP Mail Header Format String
19385|_
587/tcp open smtp Exim smtpd 4.92
19387| vulscan: VulDB - https://vuldb.com:
19388| [141327] Exim up to 4.92.1 Backslash privilege escalation
19389| [138827] Exim up to 4.92 Expansion Code Execution
19390| [135932] Exim up to 4.92 privilege escalation
19391| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
19392|
19393| MITRE CVE - https://cve.mitre.org:
19394| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
19395| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
19396| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
19397| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
19398| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
19399| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
19400| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
19401| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
19402| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
19403| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
19404| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
19405| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
19406| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
19407| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
19408| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
19409| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
19410|
19411| SecurityFocus - https://www.securityfocus.com/bid/:
19412| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
19413| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
19414| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
19415| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
19416| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
19417| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
19418| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
19419| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
19420| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
19421| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
19422| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
19423| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
19424| [45308] Exim Crafted Header Remote Code Execution Vulnerability
19425| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
19426| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
19427| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
19428| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
19429| [17110] sa-exim Unauthorized File Access Vulnerability
19430| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
19431| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
19432| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
19433| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
19434| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
19435| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
19436| [6314] Exim Internet Mailer Format String Vulnerability
19437| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
19438| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
19439| [2828] Exim Format String Vulnerability
19440| [1859] Exim Buffer Overflow Vulnerability
19441|
19442| IBM X-Force - https://exchange.xforce.ibmcloud.com:
19443| [84758] Exim sender_address parameter command execution
19444| [84015] Exim command execution
19445| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
19446| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
19447| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
19448| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
19449| [67455] Exim DKIM processing code execution
19450| [67299] Exim dkim_exim_verify_finish() format string
19451| [65028] Exim open_log privilege escalation
19452| [63967] Exim config file privilege escalation
19453| [63960] Exim header buffer overflow
19454| [59043] Exim mail directory privilege escalation
19455| [59042] Exim MBX symlink
19456| [52922] ikiwiki teximg plugin information disclosure
19457| [34265] Exim spamd buffer overflow
19458| [25286] Sa-exim greylistclean.cron file deletion
19459| [22687] RHSA-2005:025 updates for exim not installed
19460| [18901] Exim dns_build_reverse buffer overflow
19461| [18764] Exim spa_base64_to_bits function buffer overflow
19462| [18763] Exim host_aton buffer overflow
19463| [16079] Exim require_verify buffer overflow
19464| [16077] Exim header_check_syntax buffer overflow
19465| [16075] Exim sender_verify buffer overflow
19466| [13067] Exim HELO or EHLO command heap overflow
19467| [10761] Exim daemon.c format string
19468| [8194] Exim configuration file -c command-line argument buffer overflow
19469| [7738] Exim allows attacker to hide commands in localhost names using pipes
19470| [6671] Exim "
19471| [1893] Exim MTA allows local users to gain root privileges
19472|
19473| Exploit-DB - https://www.exploit-db.com:
19474| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
19475| [15725] Exim 4.63 Remote Root Exploit
19476| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
19477| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
19478| [796] Exim <= 4.42 Local Root Exploit
19479| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
19480|
19481| OpenVAS (Nessus) - http://www.openvas.org:
19482| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
19483|
19484| SecurityTracker - https://www.securitytracker.com:
19485| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
19486| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
19487| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
19488| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
19489| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
19490| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
19491| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
19492| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
19493| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
19494| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
19495| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
19496| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
19497|
19498| OSVDB - http://www.osvdb.org:
19499| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
19500| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
19501| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
19502| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
19503| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
19504| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
19505| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
19506| [70696] Exim log.c open_log() Function Local Privilege Escalation
19507| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
19508| [69685] Exim string_format Function Remote Overflow
19509| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
19510| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
19511| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
19512| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
19513| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
19514| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
19515| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
19516| [12726] Exim -be Command Line Option host_aton Function Local Overflow
19517| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
19518| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
19519| [10032] libXpm CreateXImage Function Integer Overflow
19520| [7160] Exim .forward :include: Option Privilege Escalation
19521| [6479] Vexim COOKIE Authentication Credential Disclosure
19522| [6478] Vexim Multiple Parameter SQL Injection
19523| [5930] Exim Parenthesis File Name Filter Bypass
19524| [5897] Exim header_syntax Function Remote Overflow
19525| [5896] Exim sender_verify Function Remote Overflow
19526| [5530] Exim Localhost Name Arbitrary Command Execution
19527| [5330] Exim Configuration File Variable Overflow
19528| [1855] Exim Batched SMTP Mail Header Format String
19529|_
990/tcp closed ftps
993/tcp open ssl/imaps?
995/tcp open ssl/pop3s?
3306/tcp open mysql MySQL 5.6.46-cll-lve
19534| vulscan: VulDB - https://vuldb.com:
19535| [138100] Oracle MySQL Server up to 5.6.44/5.7.18 Privileges unknown vulnerability
19536| [138099] Oracle MySQL Server up to 5.6.44/5.7.26/8.0.16 Compiling information disclosure
19537| [138079] Oracle MySQL Server up to 5.6.44/5.7.26/8.0.16 Pluggable Auth denial of service
19538| [138070] Oracle MySQL Server up to 5.6.44/5.7.26/8.0.16 Audit unknown vulnerability
19539| [138067] Oracle MySQL Server up to 5.6.44/5.7.26/8.0.16 XML denial of service
19540| [138066] Oracle MySQL Server up to 5.6.44/5.7.26/8.0.16 Parser denial of service
19541| [129645] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Replication denial of service
19542| [129642] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Optimizer denial of service
19543| [129641] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Optimizer denial of service
19544| [129639] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 DDL denial of service
19545| [129630] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Connection Handling denial of service
19546| [129629] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Parser denial of service
19547| [129627] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 PS denial of service
19548| [129626] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Optimizer denial of service
19549| [129624] Oracle MySQL Server up to 5.6.42/5.7.24/8.0.13 Replication unknown vulnerability
19550| [125562] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 RBR denial of service
19551| [125559] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 Memcached denial of service
19552| [125548] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 Merge denial of service
19553| [125539] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 InnoDB denial of service
19554| [125538] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 InnoDB denial of service
19555| [125537] Oracle MySQL Server up to 5.6.41/5.7.23/8.0.12 InnoDB denial of service
19556| [121784] Oracle MySQL Server up to 5.6.40/5.7.22/8.0.11 Memcached denial of service
19557| [121780] Oracle MySQL Server up to 5.6.40/5.7.22/8.0.11 Installing denial of service
19558| [121774] Oracle MySQL Server up to 5.6.40/5.7.22/8.0.11 InnoDB denial of service
19559|
19560| MITRE CVE - https://cve.mitre.org:
19561| [CVE-2013-3812] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
19562| [CVE-2013-3811] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.
19563| [CVE-2013-3810] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.
19564| [CVE-2013-3809] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.
19565| [CVE-2013-3808] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
19566| [CVE-2013-3807] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.
19567| [CVE-2013-3806] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811.
19568| [CVE-2013-3805] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.
19569| [CVE-2013-3804] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
19570| [CVE-2013-3802] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.
19571| [CVE-2013-3801] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
19572| [CVE-2013-3798] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.
19573| [CVE-2013-3796] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
19574| [CVE-2013-3795] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
19575| [CVE-2013-3794] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
19576| [CVE-2013-3793] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
19577| [CVE-2013-2395] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567.
19578| [CVE-2013-2392] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
19579| [CVE-2013-2391] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.
19580| [CVE-2013-2389] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
19581| [CVE-2013-2381] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.
19582| [CVE-2013-2378] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
19583| [CVE-2013-2376] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
19584| [CVE-2013-2375] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
19585| [CVE-2013-1861] MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
19586| [CVE-2013-1570] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached.
19587| [CVE-2013-1567] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-2395.
19588| [CVE-2013-1566] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
19589| [CVE-2013-1544] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
19590| [CVE-2013-1532] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
19591| [CVE-2013-1523] Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer.
19592| [CVE-2013-1511] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
19593| [CVE-2013-1506] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.
19594| [CVE-2013-1502] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.
19595| [CVE-2012-2122] sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
19596|
19597| SecurityFocus - https://www.securityfocus.com/bid/:
19598| [52154] RETIRED: MySQL 5.5.20 Unspecified Remote Code Execution Vulnerability
19599| [47871] Oracle MySQL Prior to 5.1.52 Multiple Denial Of Service Vulnerabilities
19600| [43677] Oracle MySQL Prior to 5.1.50 Privilege Escalation Vulnerability
19601| [43676] Oracle MySQL Prior to 5.1.51 Multiple Denial Of Service Vulnerabilities
19602| [42646] Oracle MySQL Prior to 5.1.49 'JOIN' Statement Denial Of Service Vulnerability
19603| [42643] Oracle MySQL Prior to 5.1.49 'DDL' Statements Denial Of Service Vulnerability
19604| [42638] Oracle MySQL Prior to 5.1.49 Malformed 'BINLOG' Arguments Denial Of Service Vulnerability
19605| [42596] Oracle MySQL Prior to 5.1.49 'WITH ROLLUP' Denial Of Service Vulnerability
19606| [42586] RETIRED: Oracle MySQL Prior to 5.1.49 Multiple Denial Of Service Vulnerabilities
19607| [37640] MySQL 5.0.51a Unspecified Remote Code Execution Vulnerability
19608| [36242] MySQL 5.x Unspecified Buffer Overflow Vulnerability
19609|
19610| IBM X-Force - https://exchange.xforce.ibmcloud.com:
19611| [85724] Oracle MySQL Server XA Transactions denial of service
19612| [85723] Oracle MySQL Server Server Replication denial of service
19613| [85722] Oracle MySQL Server InnoDB denial of service
19614| [85721] Oracle MySQL Server Server Privileges unspecified
19615| [85720] Oracle MySQL Server Server Partition denial of service
19616| [85719] Oracle MySQL Server Server Parser denial of service
19617| [85718] Oracle MySQL Server Server Options denial of service
19618| [85717] Oracle MySQL Server Server Options denial of service
19619| [85716] Oracle MySQL Server Server Optimizer denial of service
19620| [85715] Oracle MySQL Server Server Optimizer denial of service
19621| [85714] Oracle MySQL Server Prepared Statements denial of service
19622| [85713] Oracle MySQL Server InnoDB denial of service
19623| [85712] Oracle MySQL Server Full Text Search denial of service
19624| [85711] Oracle MySQL Server Data Manipulation Language denial of service
19625| [85710] Oracle MySQL Server Data Manipulation Language denial of service
19626| [85709] Oracle MySQL Server Audit Log unspecified
19627| [85708] Oracle MySQL Server MemCached unspecified
19628| [84846] Debian mysql-server package information disclosure
19629| [84375] Wireshark MySQL dissector denial of service
19630| [83554] Oracle MySQL Server Server Partition denial of service
19631| [83553] Oracle MySQL Server Server Locking denial of service
19632| [83552] Oracle MySQL Server Server Install unspecified
19633| [83551] Oracle MySQL Server Server Types denial of service
19634| [83550] Oracle MySQL Server Server Privileges unspecified
19635| [83549] Oracle MySQL Server InnoDB denial of service
19636| [83548] Oracle MySQL Server InnoDB denial of service
19637| [83547] Oracle MySQL Server Data Manipulation Language denial of service
19638| [83546] Oracle MySQL Server Stored Procedure denial of service
19639| [83545] Oracle MySQL Server Server Replication denial of service
19640| [83544] Oracle MySQL Server Server Partition denial of service
19641| [83543] Oracle MySQL Server Server Optimizer denial of service
19642| [83542] Oracle MySQL Server InnoDB denial of service
19643| [83541] Oracle MySQL Server Information Schema denial of service
19644| [83540] Oracle MySQL Server Data Manipulation Language denial of service
19645| [83539] Oracle MySQL Server Data Manipulation Language denial of service
19646| [83538] Oracle MySQL Server Server Optimizer unspecified
19647| [83537] Oracle MySQL Server MemCached denial of service
19648| [83536] Oracle MySQL Server Server Privileges unspecified
19649| [83535] Oracle MySQL Server Server Privileges unspecified
19650| [83534] Oracle MySQL Server Server unspecified
19651| [83533] Oracle MySQL Server Information Schema unspecified
19652| [83532] Oracle MySQL Server Server Locking unspecified
19653| [83531] Oracle MySQL Server Data Manipulation Language denial of service
19654| [83388] MySQL administrative login attempt detected
19655| [82963] Mambo MySQL database information disclosure
19656| [82946] Oracle MySQL buffer overflow
19657| [82945] Oracle MySQL buffer overflow
19658| [82895] Oracle MySQL and MariaDB geometry queries denial of service
19659| [81577] MySQL2JSON extension for TYPO3 unspecified SQL injection
19660| [81325] Oracle MySQL Server Server Privileges denial of service
19661| [81324] Oracle MySQL Server Server Partition denial of service
19662| [81323] Oracle MySQL Server Server Optimizer denial of service
19663| [81322] Oracle MySQL Server Server Optimizer denial of service
19664| [81321] Oracle MySQL Server Server denial of service
19665| [81320] Oracle MySQL Server MyISAM denial of service
19666| [81319] Oracle MySQL Server InnoDB denial of service
19667| [81318] Oracle MySQL Server InnoDB denial of service
19668| [81317] Oracle MySQL Server Server Locking denial of service
19669| [81316] Oracle MySQL Server Server denial of service
19670| [81315] Oracle MySQL Server Server Replication unspecified
19671| [81314] Oracle MySQL Server Server Replication unspecified
19672| [81313] Oracle MySQL Server Stored Procedure denial of service
19673| [81312] Oracle MySQL Server Server Optimizer denial of service
19674| [81311] Oracle MySQL Server Information Schema denial of service
19675| [81310] Oracle MySQL Server GIS Extension denial of service
19676| [80790] Oracle MySQL yaSSL buffer overflow
19677| [80553] Oracle MySQL and MariaDB salt security bypass
19678| [80443] Oracle MySQL Server unspecified code execution
19679| [80442] Oracle MySQL Server acl_get() buffer overflow
19680| [80440] Oracle MySQL Server table buffer overflow
19681| [80435] Oracle MySQL Server database privilege escalation
19682| [80434] Oracle MySQL Server COM_BINLOG_DUMP denial of service
19683| [80433] Oracle MySQL Server Stuxnet privilege escalation
19684| [80432] Oracle MySQL Server authentication information disclosure
19685| [79394] Oracle MySQL Server Server Installation information disclosure
19686| [79393] Oracle MySQL Server Server Replication denial of service
19687| [79392] Oracle MySQL Server Server Full Text Search denial of service
19688| [79391] Oracle MySQL Server Server denial of service
19689| [79390] Oracle MySQL Server Client information disclosure
19690| [79389] Oracle MySQL Server Server Optimizer denial of service
19691| [79388] Oracle MySQL Server Server Optimizer denial of service
19692| [79387] Oracle MySQL Server Server denial of service
19693| [79386] Oracle MySQL Server InnoDB Plugin denial of service
19694| [79385] Oracle MySQL Server InnoDB denial of service
19695| [79384] Oracle MySQL Server Client unspecified
19696| [79383] Oracle MySQL Server Server denial of service
19697| [79382] Oracle MySQL Server Protocol unspecified
19698| [79381] Oracle MySQL Server Information Schema unspecified
19699| [78954] SilverStripe MySQLDatabase.php information disclosure
19700| [78948] MySQL MyISAM table symlink
19701| [77865] MySQL unknown vuln
19702| [77864] MySQL sort order denial of service
19703| [77768] MySQLDumper refresh_dblist.php information disclosure
19704| [77177] MySQL Squid Access Report unspecified cross-site scripting
19705| [77065] Oracle MySQL Server Optimizer denial of service
19706| [77064] Oracle MySQL Server Optimizer denial of service
19707| [77063] Oracle MySQL Server denial of service
19708| [77062] Oracle MySQL InnoDB denial of service
19709| [77061] Oracle MySQL GIS Extension denial of service
19710| [77060] Oracle MySQL Server Optimizer denial of service
19711| [76189] MySQL unspecified error
19712| [76188] MySQL attempts security bypass
19713| [75287] MySQLDumper restore.php information disclosure
19714| [75286] MySQLDumper filemanagement.php directory traversal
19715| [75285] MySQLDumper main.php cross-site request forgery
19716| [75284] MySQLDumper install.php cross-site scripting
19717| [75283] MySQLDumper install.php file include
19718| [75282] MySQLDumper menu.php code execution
19719| [75022] Oracle MySQL Server Server Optimizer denial of service
19720| [75021] Oracle MySQL Server Server Optimizer denial of service
19721| [75020] Oracle MySQL Server Server DML denial of service
19722| [75019] Oracle MySQL Server Partition denial of service
19723| [75018] Oracle MySQL Server MyISAM denial of service
19724| [75017] Oracle MySQL Server Server Optimizer denial of service
19725| [74672] Oracle MySQL Server multiple unspecified
19726| [73092] MySQL unspecified code execution
19727| [72540] Oracle MySQL Server denial of service
19728| [72539] Oracle MySQL Server unspecified
19729| [72538] Oracle MySQL Server denial of service
19730| [72537] Oracle MySQL Server denial of service
19731| [72536] Oracle MySQL Server unspecified
19732| [72535] Oracle MySQL Server denial of service
19733| [72534] Oracle MySQL Server denial of service
19734| [72533] Oracle MySQL Server denial of service
19735| [72532] Oracle MySQL Server denial of service
19736| [72531] Oracle MySQL Server denial of service
19737| [72530] Oracle MySQL Server denial of service
19738| [72529] Oracle MySQL Server denial of service
19739| [72528] Oracle MySQL Server denial of service
19740| [72527] Oracle MySQL Server denial of service
19741| [72526] Oracle MySQL Server denial of service
19742| [72525] Oracle MySQL Server information disclosure
19743| [72524] Oracle MySQL Server denial of service
19744| [72523] Oracle MySQL Server denial of service
19745| [72522] Oracle MySQL Server denial of service
19746| [72521] Oracle MySQL Server denial of service
19747| [72520] Oracle MySQL Server denial of service
19748| [72519] Oracle MySQL Server denial of service
19749| [72518] Oracle MySQL Server unspecified
19750| [72517] Oracle MySQL Server unspecified
19751| [72516] Oracle MySQL Server unspecified
19752| [72515] Oracle MySQL Server denial of service
19753| [72514] Oracle MySQL Server unspecified
19754| [71965] MySQL port denial of service
19755| [70680] DBD::mysqlPP unspecified SQL injection
19756| [70370] TaskFreak! multi-mysql unspecified path disclosure
19757| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
19758| [68294] MySQLDriverCS statement.cs sql injection
19759| [68175] Prosody MySQL denial of service
19760| [67539] Zend Framework MySQL PDO security bypass
19761| [67254] DirectAdmin MySQL information disclosure
19762| [66567] Xoops mysql.sql information disclosure
19763| [65871] PyWebDAV MySQLAuthHandler class SQL injection
19764| [65543] MySQL Select Arbitrary data into a File
19765| [65529] MySQL Eventum full_name field cross-site scripting
19766| [65380] Oracle MySQL Eventum forgot_password.php cross-site scripting
19767| [65379] Oracle MySQL Eventum list.php cross-site scripting
19768| [65266] Accellion File Transfer Appliance MySQL default password
19769| [64878] MySQL Geometry denial of service
19770| [64877] MySQL EXPLAIN EXTENDED denial of service
19771| [64876] MySQL prepared statement denial of service
19772| [64845] MySQL extreme-value denial of service
19773| [64844] MySQL Gis_line_string::init_from_wkb denial of service
19774| [64843] MySQL user-variable denial of service
19775| [64842] MySQL view preparation denial of service
19776| [64841] MySQL prepared statement denial of service
19777| [64840] MySQL LONGBLOB denial of service
19778| [64839] MySQL invocations denial of service
19779| [64838] MySQL Gis_line_string::init_from_wkb denial of service
19780| [64689] MySQL dict0crea.c denial of service
19781| [64688] MySQL SET column denial of service
19782| [64687] MySQL BINLOG command denial of service
19783| [64686] MySQL InnoDB denial of service
19784| [64685] MySQL HANDLER interface denial of service
19785| [64684] MySQL Item_singlerow_subselect::store denial of service
19786| [64683] MySQL OK packet denial of service
19787| [63518] MySQL Query Browser GUI Tools information disclosure
19788| [63517] MySQL Administrator GUI Tools information disclosure
19789| [62272] MySQL PolyFromWKB() denial of service
19790| [62269] MySQL LIKE predicates denial of service
19791| [62268] MySQL joins denial of service
19792| [62267] MySQL GREATEST() or LEAST() denial of service
19793| [62266] MySQL GROUP_CONCAT() denial of service
19794| [62265] MySQL expression values denial of service
19795| [62264] MySQL temporary table denial of service
19796| [62263] MySQL LEAST() or GREATEST() denial of service
19797| [62262] MySQL replication privilege escalation
19798| [61739] MySQL WITH ROLLUP denial of service
19799| [61343] MySQL LOAD DATA INFILE denial of service
19800| [61342] MySQL EXPLAIN denial of service
19801| [61341] MySQL HANDLER denial of service
19802| [61340] MySQL BINLOG denial of service
19803| [61339] MySQL IN() or CASE denial of service
19804| [61338] MySQL SET denial of service
19805| [61337] MySQL DDL denial of service
19806| [61318] PHP mysqlnd_wireprotocol.c buffer overflow
19807| [61317] PHP php_mysqlnd_read_error_from_line buffer overflow
19808| [61316] PHP php_mysqlnd_auth_write buffer overflow
19809| [61274] MySQL TEMPORARY InnoDB denial of service
19810| [59905] MySQL ALTER DATABASE denial of service
19811| [59841] CMySQLite updateUser.php cross-site request forgery
19812| [59112] MySQL Enterprise Monitor unspecified cross-site request forgery
19813| [59075] PHP php_mysqlnd_auth_write() buffer overflow
19814| [59074] PHP php_mysqlnd_read_error_from_line() buffer overflow
19815| [59073] PHP php_mysqlnd_rset_header_read() buffer overflow
19816| [59072] PHP php_mysqlnd_ok_read() information disclosure
19817| [58842] MySQL DROP TABLE file deletion
19818| [58676] Template Shares MySQL information disclosure
19819| [58531] MySQL COM_FIELD_LIST buffer overflow
19820| [58530] MySQL packet denial of service
19821| [58529] MySQL COM_FIELD_LIST security bypass
19822| [58311] ClanSphere the captcha generator and MySQL driver SQL injection
19823| [57925] MySQL UNINSTALL PLUGIN security bypass
19824| [57006] Quicksilver Forums mysqldump information disclosure
19825| [56800] Employee Timeclock Software mysqldump information disclosure
19826| [56200] Flex MySQL Connector ActionScript SQL injection
19827| [55877] MySQL yaSSL buffer overflow
19828| [55622] kiddog_mysqldumper extension for TYPO3 information disclosure
19829| [55416] MySQL unspecified buffer overflow
19830| [55382] Ublog UblogMySQL.sql information disclosure
19831| [55251] PHP-MySQL-Quiz editquiz.php SQL injection
19832| [54597] MySQL sql_table.cc security bypass
19833| [54596] MySQL mysqld denial of service
19834| [54365] MySQL OpenSSL security bypass
19835| [54364] MySQL MyISAM table symlink
19836| [53950] The mysql-ocaml mysql_real_escape_string weak security
19837| [52978] Zmanda Recovery Manager for MySQL mysqlhotcopy privilege escalation
19838| [52977] Zmanda Recovery Manager for MySQL socket-server.pl command execution
19839| [52660] iScouter PHP Web Portal MySQL Password Retrieval
19840| [52220] aa33code mysql.inc information disclosure
19841| [52122] MySQL Connector/J unicode SQL injection
19842| [51614] MySQL dispatch_command() denial of service
19843| [51406] MySQL Connector/NET SSL spoofing
19844| [49202] MySQL UDF command execution
19845| [49050] MySQL XPath denial of service
19846| [48919] Cisco Application Networking Manager MySQL default account password
19847| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
19848| [47544] MySQL Calendar index.php SQL injection
19849| [47476] MySQL Calendar index.php nodstrumCalendarV2 security bypass
19850| [45649] MySQL MyISAM symlink security bypass
19851| [45648] MySQL MyISAM symlinks security bypass
19852| [45607] MySQL Quick Admin actions.php file include
19853| [45606] MySQL Quick Admin index.php file include
19854| [45590] MySQL command-line client cross-site scripting
19855| [45436] PromoteWeb MySQL go.php SQL injection
19856| [45042] MySQL empty bit-string literal denial of service
19857| [44662] mysql-lists unspecified cross-site scripting
19858| [42267] MySQL MyISAM security bypass
19859| [42211] GEDCOM_to_MySQL2 index.php, info.php and prenom.php cross-site scripting
19860| [42014] miniBB setup_mysql.php and setup_options.php SQL injection
19861| [40920] MySQL sql_select.cc denial of service
19862| [40734] MySQL Server BINLOG privilege escalation
19863| [40350] MySQL password information disclosure
19864| [39415] Debian GNU/Linux libdspam7-drv-mysql cron job password disclosure
19865| [39402] PHP LOCAL INFILE and MySQL extension security bypass
19866| [38999] aurora framework db_mysql.lib SQL injection
19867| [38990] MySQL federated engine denial of service
19868| [38989] MySQL DEFINER value privilege escalation
19869| [38988] MySQL DATA DIRECTORY and INDEX DIRECTORY privilege escalation
19870| [38964] MySQL RENAME TABLE symlink
19871| [38733] ManageEngine EventLog Analyzer MySQL default password
19872| [38284] MySQL ha_innodb.cc convert_search_mode_to_innobase() denial of service
19873| [38189] MySQL default root password
19874| [37235] Asterisk-Addons cdr_addon_mysql module SQL injection
19875| [37099] RHSA update for MySQL case sensistive database name privilege escalation not installed
19876| [36555] PHP MySQL extension multiple functions security bypass
19877| [35960] MySQL view privilege escalation
19878| [35959] MySQL CREATE TABLE LIKE information disclosure
19879| [35958] MySQL connection protocol denial of service
19880| [35291] MySQLDumper main.php security bypass
19881| [34811] MySQL udf_init and mysql_create_function command execution
19882| [34809] MySQL mysql_update privilege escalation
19883| [34349] MySQL ALTER information disclosure
19884| [34348] MySQL mysql_change_db privilege escalation
19885| [34347] MySQL RENAME TABLE weak security
19886| [34232] MySQL IF clause denial of service
19887| [33388] Advanced Website Creator (AWC) mysql_escape_string SQL injection
19888| [33285] Eve-Nuke mysql.php file include
19889| [32957] MySQL Commander dbopen.php file include
19890| [32933] cPanel load_language.php and mysqlconfig.php file include
19891| [32911] MySQL filesort function denial of service
19892| [32462] cPanel passwdmysql cross-site scripting
19893| [32288] RHSA-2006:0544 updates for mysql not installed
19894| [32266] MySQLNewsEngine affichearticles.php3 file include
19895| [31244] The Address Book MySQL export.php password information disclosure
19896| [31037] Php/Mysql Site Builder (PHPBuilder) htm2php.php directory traversal
19897| [30760] BTSaveMySql URL file disclosure
19898| [30191] StoryStream mysql.php and mysqli.php file include
19899| [30085] MySQL MS-DOS device name denial of service
19900| [30031] Agora MysqlfinderAdmin.php file include
19901| [29438] MySQLDumper mysqldumper_path/sql.php cross-site scripting
19902| [29179] paBugs class.mysql.php file include
19903| [29120] ZoomStats MySQL file include
19904| [28448] MySQL case sensitive database name privilege escalation
19905| [28442] MySQL GRANT EXECUTE privilege escalation
19906| [28387] FunkBoard admin/mysql_install.php and admin/pg_install.php unauthorized access
19907| [28202] MySQL multiupdate subselect query denial of service
19908| [28180] MySQL MERGE table security bypass
19909| [28176] PHP MySQL Banner Exchange lib.inc information disclosure
19910| [27995] Opsware Network Automation System MySQL plaintext password
19911| [27904] MySQL date_format() format string
19912| [27635] MySQL Instance Manager denial of service
19913| [27212] MySQL SELECT str_to_date denial of service
19914| [26875] MySQL ASCII escaping SQL injection
19915| [26420] Apple Mac OS X MySQL Manager blank password
19916| [26236] MySQL login packet information disclosure
19917| [26232] MySQL COM_TABLE_DUMP buffer overflow
19918| [26228] MySQL sql_parce.cc information disclosure
19919| [26042] MySQL running
19920| [25313] WoltLab Burning Board class_db_mysql.php cross-site scripting
19921| [24966] MySQL mysql_real_query logging bypass
19922| [24653] PAM-MySQL logging function denial of service
19923| [24652] PAM-MySQL authentication double free code execution
19924| [24567] PHP/MYSQL Timesheet index.php and changehrs.php SQL injection
19925| [24095] PHP ext/mysqli exception handling format string
19926| [23990] PHP mysql_connect() buffer overflow
19927| [23596] MySQL Auction search module could allow cross-site scripting
19928| [22642] RHSA-2005:334 updates for mysql not installed
19929| [21757] MySQL UDF library functions command execution
19930| [21756] MySQL LoadLibraryEx function denial of service
19931| [21738] MySQL UDF mysql_create_function function directory traversal
19932| [21737] MySQL user defined function buffer overflow
19933| [21640] MySQL Eventum multiple class SQL injection
19934| [21638] MySQL Eventum multiple scripts cross-site scripting
19935| [20984] xmysqladmin temporary file symlink
19936| [20656] MySQL mysql_install_db script symlink
19937| [20333] Plans MySQL password information disclosure
19938| [19659] MySQL CREATE TEMPORARY TABLE command creates insecure files
19939| [19658] MySQL udf_init function gain access
19940| [19576] auraCMS mysql_fetch_row function path disclosure
19941| [18922] MySQL mysqlaccess script symlink attack
19942| [18824] MySQL UDF root privileges
19943| [18464] mysql_auth unspecified vulnerability
19944| [18449] Sugar Sales plaintext MySQL password
19945| [17783] MySQL underscore allows elevated privileges
19946| [17768] MySQL MATCH ... AGAINST SQL statement denial of service
19947| [17667] MySQL UNION change denial of service
19948| [17666] MySQL ALTER TABLE RENAME bypass restriction
19949| [17493] MySQL libmysqlclient bulk inserts buffer overflow
19950| [17462] MySQLGuest AWSguest.php script cross-site scripting
19951| [17047] MySQL mysql_real_connect buffer overflow
19952| [17030] MySQL mysqlhotcopy insecure temporary file
19953| [16612] MySQL my_rnd buffer overflow
19954| [16604] MySQL check_scramble_323 function allows unauthorized access
19955| [15883] MySQL mysqld_multi script symlink attack
19956| [15617] MySQL mysqlbug script symlink attack
19957| [15417] Confixx db_mysql_loeschen2.php SQL injection
19958| [15280] Proofpoint Protection Server MySQL allows unauthorized access
19959| [13404] HP Servicecontrol Manager multiple vulnerabilities in MySQL could allow execution of code
19960| [13153] MySQL long password buffer overflow
19961| [12689] MySQL AB ODBC Driver stores ODBC passwords and usernames in plain text
19962| [12540] Teapop PostSQL and MySQL modules SQL injection
19963| [12337] MySQL mysql_real_connect function buffer overflow
19964| [11510] MySQL datadir/my.cnf modification could allow root privileges
19965| [11493] mysqlcc configuration and connection files are world writable
19966| [11340] SuckBot mod_mysql_logger denial of service
19967| [11199] MySQL mysql_change_user() double-free memory pointer denial of service
19968| [10850] MySQL libmysql client read_one_row buffer overflow
19969| [10849] MySQL libmysql client read_rows buffer overflow
19970| [10848] MySQL COM_CHANGE_USER password buffer overflow
19971| [10847] MySQL COM_CHANGE_USER command password authentication bypass
19972| [10846] MySQL COM_TABLE_DUMP unsigned integer denial of service
19973| [10483] Bugzilla stores passwords in plain text in the MySQL database
19974| [10455] gBook MySQL could allow administrative access
19975| [10243] MySQL my.ini "
19976| [9996] MySQL SHOW GRANTS command discloses adminstrator`s encrypted password
19977| [9909] MySQL logging disabled by default on Windows
19978| [9908] MySQL binding to the loopback adapter is disabled
19979| [9902] MySQL default root password could allow unauthorized access
19980| [8748] Cyrus SASL LDAP+MySQL patch allows user unauthorized POP access
19981| [8105] PHP MySQL client library allows an attacker to bypass safe_mode restrictions
19982| [7923] Conectiva Linux MySQL /var/log/mysql file has insecure permissions
19983| [7206] WinMySQLadmin stores MySQL password in plain text
19984| [6617] MySQL "
19985| [6419] MySQL drop database command buffer overflow
19986| [6418] MySQL libmysqlclient.so buffer overflow
19987| [5969] MySQL select buffer overflow
19988| [5447] pam_mysql authentication input
19989| [5409] MySQL authentication algorithm obtain password hash
19990| [5057] PCCS MySQL Database Admin Tool could reveal username and password
19991| [4228] MySQL unauthenticated remote access
19992| [3849] MySQL default test account could allow any user to connect to the database
19993| [1568] MySQL creates readable log files
19994|
19995| Exploit-DB - https://www.exploit-db.com:
19996| [30744] MySQL <= 5.1.23 Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial Of Service Vulnerability
19997| [30020] MySQL 5.0.x - IF Query Handling Remote Denial of Service Vulnerability
19998| [29724] MySQL 5.0.x Single Row SubSelect Remote Denial of Service Vulnerability
19999| [27326] MySQL 5.0.18 Query Logging Bypass Vulnerability
20000| [23073] MySQL 5.1/5.5 WiNDOWS REMOTE R00T (mysqljackpot)
20001| [20044] Symantec Web Gateway 5.0.3.18 Blind SQLi Backdoor via MySQL Triggers
20002| [18269] MySQL 5.5.8 - Remote Denial of Service (DOS)
20003| [15467] Oracle MySQL < 5.1.49 'WITH ROLLUP' Denial of Service Vulnerability
20004| [9085] MySQL <= 5.0.45 COM_CREATE_DB Format String PoC (auth)
20005| [4615] MySQL <= 5.0.45 (Alter) Denial of Service Vulnerability
20006| [4392] PHP <= 4.4.7 / 5.2.3 MySQL/MySQLi Safe Mode Bypass Vulnerability
20007| [1742] MySQL (<= 4.1.18, 5.0.20) Local/Remote Information Leakage Exploit
20008| [1741] MySQL <= 5.0.20 COM_TABLE_DUMP Memory Leak/Remote BoF Exploit
20009|
20010| OpenVAS (Nessus) - http://www.openvas.org:
20011| [53251] Debian Security Advisory DSA 562-1 (mysql)
20012| [53230] Debian Security Advisory DSA 540-1 (mysql)
20013|
20014| SecurityTracker - https://www.securitytracker.com:
20015| [1028790] MySQL Multiple Bugs Let Remote Users Deny Service and Partially Access and Modify Data
20016| [1028449] MySQL Multiple Bugs Let Remote Authenticated Users Deny Service and Partially Access and Modify Data
20017| [1028004] MySQL Multiple Bugs Let Remote Authenticated Users Take Full Control or Deny Service and Let Local Users Access and Modify Data
20018| [1027829] MySQL Bug in UpdateXML() Lets Remote Authenticated Users Deny Service
20019| [1027828] MySQL Heap Overflow May Let Remote Authenticated Users Execute Arbitrary Code
20020| [1027827] MySQL Stack Overflow May Let Remote Authenticated Users Execute Arbitrary Code
20021| [1027665] MySQL Multiple Bugs Let Remote Authenticated Users Access and Modify Data and Deny Service and Local Users Access Data
20022| [1027263] MySQL Multiple Bugs Let Remote Authenticated Users Deny Service
20023| [1027143] MySQL memcmp() Comparison Error Lets Remote Users Bypass Authentication
20024| [1026934] MySQL Multiple Bugs Let Remote Users Deny Service
20025| [1026896] MySQL Unspecified Flaws Have Unspecified Impact
20026| [1026659] MySQL Unspecified Flaw Lets Remote Users Execute Arbitrary Code
20027| [1026530] MySQL Multiple Bugs Let Local and Remote Users Partially Access and Modifiy Data and Partially Deny Service
20028| [1024508] MySQL Replication Flaw Lets Remote Authenticated Users Gain Elevated Privileges
20029| [1024507] MySQL Multiple Flaws Let Remote Authenticated Users Deny Service
20030| [1024360] MySQL Multiple Flaws Let Remote Authenticated Users Deny Service
20031| [1024160] MySQL ALTER DATABASE Processing Error Lets Remote Authenticated Users Deny Service
20032| [1024033] MySQL COM_FIELD_LIST Packet Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
20033| [1024032] MySQL Large Packet Processing Flaw in my_net_skip_rest() Lets Remote Users Deny Service
20034| [1024031] MySQL COM_FIELD_LIST Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
20035| [1024004] MySQL mi_delete_table() Symlink Flaw Lets Remote Authenticated Users Delete Data and Index Files
20036| [1023402] MySQL Unspecified Flaw Lets Remote Users Execute Arbitrary Code
20037| [1023220] MySQL Client Fails to Check Server Certificates in Certain Cases
20038| [1022812] MySQL Unspecified Buffer Overflow Lets Remote Users Execute Arbitrary Code
20039| [1022533] MySQL Format String Bug in dispatch_command() Lets Remote Users Deny Service
20040| [1022482] MySQL Connector/Net is Missing SSL Certificate Validation
20041| [1021786] MySQL Bug in ExtractValue()/UpdateXML() in Processing XPath Expressions Lets Remote Authenticated Users Deny Service
20042| [1021714] (Red Hat Issues Fix) mod_auth_mysql Input Validation Flaw Lets Remote Users Inject SQL Commands
20043| [1020858] MySQL Item_bin_string::Item_bin_string() Binary Value Processing Bug Lets Remote Authenticated Users Deny Service
20044| [1019995] MySQL MyISAM Options Let Local Users Overwrite Table Files
20045| [1019085] MySQL Bugs Let Remote Authenticated Users Gain Elevated Privileges and Deny Service
20046| [1019084] MySQL DATA DIRECTORY and INDEX DIRECTORY Options May Let Remote Authenticated Users Gain Elevated Privileges
20047| [1019083] MySQL BINLOG Filename Path Bug May Let Remote Authenticated Users Gain Elevated Privileges
20048| [1019060] MySQL Rename Table Bug Lets Remote Authenticated Users Modify System Table Information
20049| [1018978] MySQL convert_search_mode_to_innobase() Bug Lets Remote Authenticated Users Deny Service
20050| [1018824] Asterisk-Addons Input Validation Flaw in cdr_addon_mysql Lets Remote Users Inject SQL Commands
20051| [1018663] MySQL Table View Access Bug Lets Remote Authenticated Users Gain Elevated Privileges
20052| [1018629] MySQL Authentication Protocol Bug Lets Remote Users Deny Service
20053| [1018071] MySQL ALTER TABLE Function Lets Remote Authenticated Users Obtain Potentially Sensitive Information
20054| [1018070] MySQL SQL SECURITY INVOKER Routines Let Remote Authenticated Users Gain Elevated Privileges
20055| [1018069] MySQL Lets Remote Authenticated Users Issue the RENAME TABLE Command
20056| [1017746] MySQL Single Row Subselect Statements Let Remote Users Deny Service
20057| [1016790] MySQL Replication Error Lets Local Users Deny Service
20058| [1016710] MySQL Case-Sensitive Database Names May Let Users Access Restricted Databases
20059| [1016709] MySQL Error in Checking suid Routine Arguments May Let Users Gain Elevated Privileges
20060| [1016617] MySQL MERGE Access Control Error May Let Users Access a Restricted Table
20061| [1016566] Opsware Network Automation System Discloses MySQL Password to Local Users
20062| [1016216] MySQL Error in Parsing Multibyte Encoded Data in mysql_real_escape() Lets Remote Users Inject SQL Commands
20063| [1016077] Apple MySQL Manager Database Initialization Bug May Let Local Users Access the Database
20064| [1016017] MySQL Anonymous Login Processing May Disclose Some Memory Contents to Remote Users
20065| [1016016] MySQL COM_TABLE_DUMP Processing Lets Remote Authenticated Users Execute Arbitrary Code or Obtain Information
20066| [1015789] Woltlab Burning Board Input Validation Hole in 'class_db_mysql.php' Permits Cross-Site Scripting Attacks
20067| [1015693] MySQL Query Bug Lets Remote Users Bypass Query Logging
20068| [1015603] PAM-MySQL pam_get_item() Double Free May Let Remote Users Execute Arbitrary Code
20069| [1015485] PHP mysqli Extension Error Mode Format String Flaw May Let Users Execute Arbitrary Code
20070| [1014603] MySQL Eventum Input Validation Hole in 'class.auth.php' Permits SQL Injection and Other Input Validation Bugs Permit Cross-Site Scripting Attacks
20071| [1014172] xMySQLadmin Lets Local Users Delete Files
20072| [1013995] MySQL 'mysql_install_db' Uses Unsafe Temporary Files and May Let Local Users Gain Elevated Privilege
20073| [1013994] MySQL Non-existent '--user' Error May Allow the Database to Run With Incorrect Privileges
20074| [1013415] MySQL CREATE FUNCTION Lets Authenticated Users Invoke libc Functions to Execute Arbitrary Code
20075| [1013414] MySQL udf_init() Path Validation Flaw Lets Authenticated Users Execute Arbitrary Libraries
20076| [1013413] MySQL CREATE TEMPORARY TABLE Uses Predictable Temporary Files That May Let Users Gain Elevated Privileges
20077| [1012914] MySQL 'mysqlaccess.sh' Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
20078| [1012893] MySQL MaxDB Buffer Overflow in websql Password Parameter Lets Remote Users Execute Arbitrary Code
20079| [1012500] mysql_auth Memory Leak Has Unspecified Impact
20080| [1011741] MySQL Access Control Error in Databases With Underscore Wildcard Character May Grant Unauthorized Access
20081| [1011606] MySQL May Let Remote Authenticated Users Access Restricted Tables or Crash the System
20082| [1011408] MySQL libmysqlclient Buffer Overflow in Executing Prepared Statements Has Unspecified Impact
20083| [1011376] MySQLGuest Lack of Input Validation Lets Remote Users Conduct Cross-Site Scripting Attacks
20084| [1011008] MySQL Buffer Overflow in mysql_real_connect() May Let Remote Users Execute Arbitrary Code
20085| [1010979] MySQL 'mysqlhotcopy' Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
20086| [1010645] MySQL check_scramble_323() Zero-Length Comparison Lets Remote Users Bypass Authentication
20087| [1009784] MySQL 'mysqld_multi' Temporary File Flaw Lets Local Users Overwrite Files
20088| [1009554] MySQL 'mysqlbug' Temporary File Flaw Lets Local Users Overwrite Files
20089| [1007979] MySQL mysql_change_user() Double Free Error Lets Remote Authenticated Users Crash mysqld
20090| [1007673] MySQL acl_init() Buffer Overflow Permits Remote Authenticated Administrators to Execute Arbitrary Code
20091| [1007518] DWebPro Discloses MySQL Database Password to Local Users
20092| [1007312] MySQL World-Writable Configuration File May Let Local Users Gain Root Privileges
20093| [1006976] MySQL Buffer Overflow in 'mysql_real_connect()' Client Function May Let Remote or Local Users Execute Arbitrary Code
20094| [1005800] MySQL Overflow and Authentication Bugs May Let Remote Users Execute Code or Access Database Accounts
20095| [1005345] MySQL Buffer Overflow Lets Local Users Gain System Privileges on Windows NT
20096| [1004506] vBulletin PHP-based Forum Software Has Unspecified Security Flaw in the 'db_mysql.php' Module
20097| [1004172] PHP-Survey Script Discloses Underlying MySQL Database Username and Password to Remote Users
20098| [1003955] 3rd Party Patch for Cyrus SASL ('auxprop for mysql and ldap') Lets Remote Users Access Protected POP Mail Accounts Without Authentication
20099| [1003290] Conectiva Linux MySQL Distribution May Allow Local Users to Obtain Sensitive Information
20100| [1002993] PurePostPro Script Add-on for PureFTPd and MySQL Allows Remote Users to Execute SQL Commands on the Server
20101| [1002485] WinMySQLadmin Database Administration Tool Discloses MySQL Password to Local Users
20102| [1002324] Vpopmail Mail Server Discloses Database Password to Local Users When Installed with MySQL
20103| [1001411] phpMyAdmin Administration Tool for MySQL Allows Remote Users to Execute Commands on the Server
20104| [1001118] MySQL Database Allows Authorized Users to Modify Server Files to Deny Service or Obtain Additional Access
20105|
20106| OSVDB - http://www.osvdb.org:
20107| [95337] Oracle MySQL Server XA Transactions Subcomponent Unspecified Remote DoS
20108| [95336] Oracle MySQL Server Replication Subcomponent Unspecified Remote DoS
20109| [95335] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
20110| [95334] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue
20111| [95333] Oracle MySQL Server Partition Subcomponent Unspecified Remote DoS
20112| [95332] Oracle MySQL Server Parser Subcomponent Unspecified Remote DoS
20113| [95331] Oracle MySQL Server Options Subcomponent Unspecified Remote DoS (2013-3801)
20114| [95330] Oracle MySQL Server Options Subcomponent Unspecified Remote DoS (2013-3808)
20115| [95329] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2013-3796)
20116| [95328] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2013-3804)
20117| [95327] Oracle MySQL Server Prepared Statements Subcomponent Unspecified Remote DoS
20118| [95326] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
20119| [95325] Oracle MySQL Server Full Text Search Subcomponent Unspecified Remote DoS
20120| [95324] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-3795)
20121| [95323] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-3793)
20122| [95322] Oracle MySQL Server Audit Log Subcomponent Unspecified Remote Issue
20123| [95321] Oracle MySQL Server MemCached Subcomponent Unspecified Remote Issue
20124| [95131] AutoMySQLBackup /usr/sbin/automysqlbackup Database Name Arbitrary Code Injection
20125| [94076] Debian Linux MySQL Server mysql-server-5.5.postinst Race Condition debian.cnf Plaintext Credential Local Disclosure
20126| [93505] Wireshark MySQL Dissector (packet-mysql.c) Malformed Packet Handling Infinite Loop Remote DoS
20127| [93174] MySQL Crafted Derived Table Handling DoS
20128| [92967] MySQL2JSON (mn_mysql2json) Extension for TYPO3 Unspecified SQL Injection
20129| [92950] MySQL Running START SLAVE Statement Process Listing Plaintext Local Password Disclosure
20130| [92485] Oracle MySQL Server Partition Subcomponent Unspecified Local DoS
20131| [92484] Oracle MySQL Server Locking Subcomponent Unspecified Remote DoS (2013-1506)
20132| [92483] Oracle MySQL Server Install Subcomponent Unspecified Local Issue
20133| [92482] Oracle MySQL Server Types Subcomponent Unspecified Remote DoS
20134| [92481] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-2381)
20135| [92480] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-1566)
20136| [92479] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-1511)
20137| [92478] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1567)
20138| [92477] Oracle MySQL Server Stored Procedure Subcomponent Unspecified Remote DoS
20139| [92476] Oracle MySQL Server Replication Subcomponent Unspecified Remote DoS
20140| [92475] Oracle MySQL Server Partition Subcomponent Unspecified Remote DoS
20141| [92474] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS
20142| [92473] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-2389)
20143| [92472] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote DoS
20144| [92471] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1512)
20145| [92470] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1544)
20146| [92469] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote Issue
20147| [92468] Oracle MySQL Server MemCached Subcomponent Unspecified Remote DoS
20148| [92467] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-2375)
20149| [92466] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-1531)
20150| [92465] Oracle MySQL Server Server Subcomponent Unspecified Remote Issue
20151| [92464] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote Issue
20152| [92463] Oracle MySQL Server Locking Subcomponent Unspecified Remote Issue (2013-1521)
20153| [92462] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-2395)
20154| [91536] Oracle MySQL yaSSL Unspecified Overflow (2012-0553)
20155| [91534] Oracle MySQL yaSSL Unspecified Overflow (2013-1492)
20156| [91415] MySQL Raw Geometry Object String Conversion Remote DoS
20157| [91108] Juju mysql Charm Install Script mysql.passwd MySQL Password Plaintext Local Disclosure
20158| [89970] Site Go /site-go/admin/extra/mysql/index.php idm Parameter Traversal Arbitrary File Access
20159| [89265] Oracle MySQL Server Server Privileges Subcomponent Unspecified Remote DoS
20160| [89264] Oracle MySQL Server Server Partition Subcomponent Unspecified Remote DoS
20161| [89263] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-0578)
20162| [89262] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-1705)
20163| [89261] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-0574)
20164| [89260] Oracle MySQL Server MyISAM Subcomponent Unspecified Remote DoS
20165| [89259] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2012-0572)
20166| [89258] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-0368)
20167| [89257] Oracle MySQL Server Server Locking Subcomponent Unspecified Remote DoS
20168| [89256] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-1702)
20169| [89255] Oracle MySQL Server Server Replication Subcomponent Unspecified Remote Issue
20170| [89254] Oracle MySQL Server Server Replication Subcomponent Unspecified Local Issue
20171| [89253] Oracle MySQL Server Stored Procedure Subcomponent Unspecified Remote DoS
20172| [89252] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS
20173| [89251] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote DoS
20174| [89250] Oracle MySQL Server GIS Extension Subcomponent Unspecified Remote DoS
20175| [89042] ViciBox Server MySQL cron Service Default Credentials
20176| [88415] Oracle MySQL Server COM_CHANGE_USER Account Password Brute-Force Weakness
20177| [88118] Oracle MySQL Server FILE Privilege Database Privilege Escalation
20178| [88067] Oracle MySQL Server Authentication Error Message User Enumeration
20179| [88066] Oracle MySQL Server for Linux Access Rights Checking Routine Database Name Handling Stack Buffer Overflow
20180| [88065] Oracle MySQL Server COM_BINLOG_DUMP Invalid Data Handling DoS
20181| [88064] Oracle MySQL Server Multiple-Table DELETE Heap Buffer Overflow
20182| [87704] CodeIgniter MySQL / MySQLi Driver Database Client Multi-byte Character Set Unspecified SQL Injection
20183| [87507] Oracle MySQL Statement Logging Multiple Log Plaintext Local Password Disclosure
20184| [87501] Oracle MySQL optimizer_switch Malformed Value Processing Local DoS
20185| [87494] Oracle MySQL on Windows Field_new_decimal::store_value dbug_buff Variable Overflow DoS
20186| [87480] MySQL Malformed XML Comment Handling DoS
20187| [87466] MySQL SSL Certificate Revocation Weakness
20188| [87356] Oracle MySQL do_div_mod DIV Expression Handling Remote DoS
20189| [87355] Oracle MySQL handler::pushed_cond Table Cache Handling mysqld DoS
20190| [87354] Oracle MySQL Polygon Union / Intersection Spatial Operations DoS
20191| [86273] Oracle MySQL Server Server Installation Subcomponent Unspecified Local Information Disclosure
20192| [86272] Oracle MySQL Server Server Replication Subcomponent Unspecified Remote DoS
20193| [86271] Oracle MySQL Server Server Full Text Search Subcomponent Unspecified Remote DoS
20194| [86270] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3156)
20195| [86269] Oracle MySQL Server MySQL Client Subcomponent Unspecified Remote Information Disclosure
20196| [86268] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-3180)
20197| [86267] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-3150)
20198| [86266] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3144)
20199| [86265] Oracle MySQL Server InnoDB Plugin Subcomponent Unspecified Remote DoS
20200| [86264] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
20201| [86263] Oracle MySQL Server MySQL Client Subcomponent Unspecified Remote Issue
20202| [86262] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3177)
20203| [86261] Oracle MySQL Server Protocol Subcomponent Unspecified Remote Issue
20204| [86260] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote Code Execution
20205| [86175] Oracle MySQL on Windows Path Subversion Arbitrary DLL Injection Code Execution
20206| [85155] Icinga module/idoutils/db/scripts/create_mysqldb.sh Icinga User Database Access Restriction Bypass
20207| [84755] Oracle MySQL Sort Order Index Calculation Remote DoS
20208| [84719] MySQLDumper index.php page Parameter XSS
20209| [84680] MySQL Squid Access Report access.log File Path XSS
20210| [83980] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1689)
20211| [83979] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1734)
20212| [83978] Oracle MySQL Server Subcomponent Unspecified Remote DoS
20213| [83977] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
20214| [83976] Oracle MySQL Server GIS Extension Subcomponent Unspecified Remote DoS
20215| [83975] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1735)
20216| [83661] Oracle MySQL Unspecified Issue (59533)
20217| [82804] Oracle MySQL Authentication Protocol Token Comparison Casting Failure Password Bypass
20218| [82803] Oracle MySQL Unspecified Issue (59387)
20219| [82120] Oracle MySQL Version Specific Comment Handling Arbitrary SQL Command Execution
20220| [81897] Viscacha classes/database/mysql.inc.php Multiple Parameter SQL Injection
20221| [81616] MySQLDumper Multiple Script Direct Request Information Disclosure
20222| [81615] MySQLDumper filemanagement.php f Parameter Traversal Arbitrary File Access
20223| [81614] MySQLDumper File Upload PHP Code Execution
20224| [81613] MySQLDumper main.php Multiple Function CSRF
20225| [81612] MySQLDumper restore.php filename Parameter XSS
20226| [81611] MySQLDumper sql.php Multiple Parameter XSS
20227| [81610] MySQLDumper install.php Multiple Parameter XSS
20228| [81609] MySQLDumper install.php language Parameter Traversal Arbitrary File Access
20229| [81378] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1690)
20230| [81377] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1696)
20231| [81376] Oracle MySQL Server Server DML Component Unspecified Remote DoS
20232| [81375] Oracle MySQL Server Partition Component Unspecified Remote DoS
20233| [81374] Oracle MySQL Server MyISAM Component Unspecified Remote DoS
20234| [81373] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1703)
20235| [81059] Oracle MySQL Server Multiple Unspecified Issues
20236| [79038] Webmin Process Listing MySQL Password Local Disclosure
20237| [78919] Oracle MySQL Unspecified Pre-authentication Remote Code Execution
20238| [78710] WordPress wp-admin/setup-config.php MySQL Query Saturation Brute-Force Proxy Weakness
20239| [78708] WordPress wp-admin/setup-config.php MySQL Database Verification Code Injection Weakness
20240| [78707] WordPress wp-admin/setup-config.php MySQL Credentials Error Message Brute-Force Weakness
20241| [78394] Oracle MySQL Server Unspecified Remote DoS (2012-0493)
20242| [78393] Oracle MySQL Server Unspecified Remote DoS (2012-0492)
20243| [78392] Oracle MySQL Server Unspecified Remote DoS (2012-0117)
20244| [78391] Oracle MySQL Server Unspecified Remote DoS (2012-0112)
20245| [78390] Oracle MySQL Server Unspecified Remote DoS (2012-0495)
20246| [78389] Oracle MySQL Server Unspecified Remote DoS (2012-0491)
20247| [78388] Oracle MySQL Server Unspecified Remote DoS (2012-0490)
20248| [78387] Oracle MySQL Server Unspecified Remote DoS (2012-0489)
20249| [78386] Oracle MySQL Server Unspecified Remote DoS (2012-0488)
20250| [78385] Oracle MySQL Server Unspecified Remote DoS (2012-0487)
20251| [78384] Oracle MySQL Server Unspecified Remote DoS (2012-0486)
20252| [78383] Oracle MySQL Server Unspecified Remote DoS (2012-0485)
20253| [78382] Oracle MySQL Server Unspecified Remote DoS (2012-0120)
20254| [78381] Oracle MySQL Server Unspecified Remote DoS (2012-0119)
20255| [78380] Oracle MySQL Server Unspecified Remote DoS (2012-0115)
20256| [78379] Oracle MySQL Server Unspecified Remote DoS (2012-0102)
20257| [78378] Oracle MySQL Server Unspecified Remote DoS (2012-0101)
20258| [78377] Oracle MySQL Server Unspecified Remote DoS (2012-0087)
20259| [78376] Oracle MySQL Server Unspecified Remote DoS (2011-2262)
20260| [78375] Oracle MySQL Server Unspecified Local DoS
20261| [78374] Oracle MySQL Server Unspecified Remote Issue (2012-0075)
20262| [78373] Oracle MySQL Server Unspecified Local Issue
20263| [78372] Oracle MySQL Server Unspecified Remote Information Disclosure
20264| [78371] Oracle MySQL Server Unspecified Remote Issue (2012-0496)
20265| [78370] Oracle MySQL Server Unspecified Remote Issue (2012-0118)
20266| [78369] Oracle MySQL Server Unspecified Remote Issue (2012-0116)
20267| [78368] Oracle MySQL Server Unspecified Remote Issue (2012-0113)
20268| [78283] Oracle MySQL NULL Pointer Dereference Packet Parsing Remote DoS
20269| [77042] e107 CMS install_.php MySQL Server Name Parsing Remote PHP Code Execution
20270| [77040] DBD::mysqlPP Unspecified SQL Injection
20271| [75888] TaskFreak! multi-mysql Multiple Script Direct Request Path Disclosure
20272| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
20273| [73555] Prosody MySQL Value Column Invalid Data Type Handling DoS
20274| [73387] Zend Framework PDO_MySql Character Set Security Bypass
20275| [72836] Arctic Fox CMS Multiple Script Direct Request MySQL Settings Disclosure
20276| [72660] MySQL GUI Tools Administrator / Query Browser Command Line Credentials Local Disclosure
20277| [72120] DirectAdmin mysql_backups Folder MySQL Database Backup Local Disclosure
20278| [71368] Accellion File Transfer Appliance Weak MySQL root Password
20279| [70967] MySQL Eventum Admin User Creation CSRF
20280| [70966] MySQL Eventum preferences.php full_name Parameter XSS
20281| [70961] MySQL Eventum list.php Multiple Parameter XSS
20282| [70960] MySQL Eventum forgot_password.php URI XSS
20283| [70947] PyWebDAV DAVServer/mysqlauth.py get_userinfo() Multiple Parameter SQL Injection
20284| [70610] PHP MySQLi Extension set_magic_quotes_runtime Function mysqli_fetch_assoc Function Interaction Weakness
20285| [69885] SilverStripe modules/sapphire/trunk/core/model/MySQLDatabase.php showqueries Parameter SQL Command Disclosure
20286| [69395] MySQL Derived Table Grouping DoS
20287| [69394] MySQL Temporary Table Expression Re-Evaluation DoS
20288| [69393] MySQL GROUP_CONCAT() WITH ROLLUP Modifier DoS
20289| [69392] MySQL Extreme-Value Functions Mixed Arguments DoS
20290| [69391] MySQL Stored Procedures / Prepared Statements Nested Joins DoS
20291| [69390] MySQL Extreme-Value Functions Argument Parsing Type Error DoS
20292| [69389] MySQL CONVERT_TZ() Function Empty SET Column DoS
20293| [69388] MySQL InnoDB Storage Engine Table Handling Overflow
20294| [69387] MySQL LIKE Predicates Pre-Evaluation DoS
20295| [69001] MySQL PolyFromWKB() Function WKB Data Remote DoS
20296| [69000] MySQL HANDLER Interface Unspecified READ Request DoS
20297| [68997] MySQL Prepared-Statement Mode EXPLAIN DoS
20298| [68996] MySQL EXPLAIN EXTENDED Statement DoS
20299| [68995] MySQL GeometryCollection non-Geometry Value Assignment DoS
20300| [67488] phpMyAdmin libraries/dbi/mysqli.dbi.lib.php Unspecified Parameter XSS
20301| [67487] phpMyAdmin libraries/dbi/mysql.dbi.lib.php Unspecified Parameter XSS
20302| [67421] PHP Mysqlnd Extension mysqlnd_wireprotocol.c php_mysqlnd_rset_header_read Function Overflow
20303| [67420] PHP Mysqlnd Extension mysqlnd_wireprotocol.c php_mysqlnd_ok_read Function Arbitrary Memory Content Disclosure
20304| [67419] PHP Mysqlnd Extension php_mysqlnd_read_error_from_line Function Negative Buffer Length Value Overflow
20305| [67418] PHP Mysqlnd Extension php_mysqlnd_auth_write Function Multiple Overflows
20306| [67384] MySQL LOAD DATA INFILE Statement Incorrect OK Packet DoS
20307| [67383] MySQL EXPLAIN Statement Item_singlerow_subselect::store Function NULL Dereference DoS
20308| [67381] MySQL InnoDB Temporary Table Handling DoS
20309| [67380] MySQL BINLOG Statement Unspecified Argument DoS
20310| [67379] MySQL Multiple Operation NULL Argument Handling DoS
20311| [67378] MySQL Unique SET Column Join Statement Remote DoS
20312| [67377] MySQL DDL Statement Multiple Configuration Parameter DoS
20313| [66800] PHP Multiple mysqlnd_* Function Unspecified Overflow
20314| [66799] PHP mysqlnd Error Packet Handling Multiple Overflows
20315| [66731] PHP Bundled MySQL Library Unspecified Issue
20316| [66665] PHP MySQL LOAD DATA LOCAL open_basedir Bypass
20317| [65851] MySQL ALTER DATABASE #mysql50# Prefix Handling DoS
20318| [65450] phpGraphy mysql_cleanup.php include_path Parameter Remote File Inclusion
20319| [65085] MySQL Enterprise Monitor Unspecified CSRF
20320| [64843] MySQL DROP TABLE Command Symlink MyISAM Table Local Data Deletion
20321| [64588] MySQL sql/net_serv.cc my_net_skip_rest Function Large Packet Handling Remote DoS
20322| [64587] MySQL COM_FIELD_LIST Command Packet Table Name Argument Overflow
20323| [64586] MySQL COM_FIELD_LIST Command Packet Authentication Bypass
20324| [64524] Advanced Poll misc/get_admin.php mysql_host Parameter XSS
20325| [64447] Tirzen Framework (TZN) tzn_mysql.php Username Parameter SQL Injection Authentication Bypass
20326| [64320] ClanSphere MySQL Driver s_email Parameter SQL Injection
20327| [63903] MySQL sql/sql_plugin.cc mysql_uninstall_plugin Function UNINSTALL PLUGIN Command Privilege Check Weakness
20328| [63115] Quicksilver Forums mysqldump Process List Database Password Disclosure
20329| [62830] Employee Timeclock Software mysqldump Command-line Database Password Disclosure
20330| [62640] PHP mysqli_real_escape_string() Function Error Message Path Disclosure
20331| [62216] Flex MySQL Connector ActionScript SQL Query Arbitrary Code Execution
20332| [61752] kiddog_mysqldumper Extension for TYPO3 Unspecified Information Disclosure
20333| [61497] microTopic admin/mysql.php rating Parameter SQL Injection
20334| [60665] MySQL CREATE TABLE MyISAM Table mysql_unpacked_real_data_home Local Restriction Bypass
20335| [60664] MySQL sql/sql_table.cc Data Home Directory Symlink CREATE TABLE Access Restriction Bypass
20336| [60516] RADIO istek scripti estafresgaftesantusyan.inc Direct Request MySQL Database Credentials Disclosure
20337| [60489] MySQL GeomFromWKB() Function First Argument Geometry Value Handling DoS
20338| [60488] MySQL SELECT Statement WHERE Clause Sub-query DoS
20339| [60487] MySQL vio_verify_callback() Function Crafted Certificate MiTM Weakness
20340| [60356] MySql Client Library (libmysqlclient) mysql_real_connect Function Local Overflow
20341| [59907] MySQL on Windows bind-address Remote Connection Weakness
20342| [59906] MySQL on Windows Default Configuration Logging Weakness
20343| [59616] MySQL Hashed Password Weakness
20344| [59609] Suckbot mod_mysql_logger Shared Object Unspecified Remote DoS
20345| [59495] Cyrus SASL LDAP / MySQL Authentication Patch password Field SQL Injection Authentication Bypass
20346| [59062] phpMyAdmin Extension for TYPO3 MySQL Table Name Unspecified XSS
20347| [59045] phpMyAdmin Crafted MYSQL Table Name XSS
20348| [59030] mysql-ocaml for MySQL mysql_real_escape_string() Function Character Escaping Weakness
20349| [57587] Zmanda Recovery Manager for MySQL socket-server.pl system() Function Local Privilege Escalation
20350| [57586] Zmanda Recovery Manager for MySQL socket-server.pl system() Function Remote Shell Command Execution
20351| [56741] MySQL Connector/J Unicode w/ SJIS/Windows-31J Charset SQL Injection
20352| [56134] Virtualmin MySQL Module Execute SQL Feature Arbitrary File Access
20353| [55734] MySQL sql_parse.cc dispatch_command() Function Format String DoS
20354| [55566] MySQL Connector/NET SSL Certificate Verification Weakness
20355| [53525] MyBlog /config/mysqlconnection.inc Direct Request Information Disclosure
20356| [53524] blog+ includes/window_top.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
20357| [53523] blog+ includes/block_center_down.php row_mysql_blocks_center_down[file] Parameter Traversal Local File Inclusion
20358| [53522] blog+ includes/block_center_top.php row_mysql_blocks_center_top[file] Parameter Traversal Local File Inclusion
20359| [53521] blog+ includes/block_left.php row_mysql_blocks_left[file] Parameter Traversal Local File Inclusion
20360| [53520] blog+ includes/block_right.php row_mysql_blocks_right[file] Parameter Traversal Local File Inclusion
20361| [53519] blog+ includes/window_down.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
20362| [53366] GEDCOM_TO_MYSQL php/info.php Multiple Parameter XSS
20363| [53365] GEDCOM_TO_MYSQL php/index.php nom_branche Parameter XSS
20364| [53364] GEDCOM_TO_MYSQL php/prenom.php Multiple Parameter XSS
20365| [53360] Blogplus includes/window_top.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
20366| [53359] Blogplus includes/window_down.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
20367| [53358] Blogplus includes/block_right.php row_mysql_blocks_right[file] Parameter Traversal Local File Inclusion
20368| [53357] Blogplus includes/block_left.php row_mysql_blocks_left[file] Parameter Traversal Local File Inclusion
20369| [53356] Blogplus block_center_top.php row_mysql_blocks_center_top[file] Parameter Traversal Local File Inclusion
20370| [53355] Blogplus includes/block_center_down.php row_mysql_blocks_center_down[file] Parameter Traversal Local File Inclusion
20371| [53110] XOOPS Cube Legacy ErrorHandler::show() Function MySQL Error Message XSS
20372| [52729] Asterisk-addon cdr_addon_mysql.c Call Detail Record SQL Injection
20373| [52728] Tribox cdr_addon_mysql.c Call Detail Record XSS
20374| [52727] FreePBX cdr_addon_mysql.c Call Detail Record XSS
20375| [52726] Areski cdr_addon_mysql.c Call Detail Record XSS
20376| [52464] MySQL charset Column Truncation Weakness
20377| [52453] MySQL sql/item_xmlfunc.cc ExtractValue() / UpdateXML() Functions Scalar XPath DoS
20378| [52378] Cisco ANM MySQL root Account Default Password
20379| [52264] Broadcast Machine MySQLController.php controllers/baseDir Parameter Remote File Inclusion
20380| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
20381| [51171] MySQL InnoDB convert_search_mode_to_innobase Function DoS
20382| [50892] MySQL Calendar index.php username Parameter SQL Injection
20383| [50827] Nodstrum MySQL Calendar nodstrumCalendarV2 Cookie Manipulation Admin Authentication Bypass
20384| [49875] PromoteWeb MySQL go.php id Parameter SQL Injection
20385| [48710] MySQL Command Line Client HTML Output XSS
20386| [48709] MySQL Quick Admin actions.php lang Parameter Traversal Local File Inclusion
20387| [48708] MySQL Quick Admin index.php language Cookie Traversal Local File Inclusion
20388| [48021] MySQL Empty Bit-String Literal Token SQL Statement DoS
20389| [47789] mysql-lists Unspecified XSS
20390| [47394] Keld PHP-MySQL News Script login.php username Parameter SQL Injection
20391| [45073] MySQLDumper Extension for TYPO3 Unspecified Authentication Bypass
20392| [44937] MySQL MyISAM Table CREATE TABLE Privilege Check Bypass
20393| [44138] Debian GNU/Linux libdspam7-drv-mysql Cron MySQL dspam Database Password Local Disclosure
20394| [44071] Phorum /include/db/mysql.php Unspecified Search SQL Injection
20395| [43180] MySQL sql_select.cc INFORMATION_SCHEMA Table Crafted Query Remote DoS
20396| [43179] MySQL Server BINLOG Statement Rights Checking Failure
20397| [42610] MySQL DEFINER View Value Crafted Statements Remote Privilege Escalation
20398| [42609] MySQL Federated Engine SHOW TABLE STATUS Query Remote DoS
20399| [42608] MySQL RENAME TABLE Symlink System Table Overwrite
20400| [42607] MySQL Multiple table-level DIRECTORY Remote Privilege Escalation
20401| [42460] MySQLDumper HTTP POST Request Remote Authentication Bypass
20402| [42423] AdventNet EventLog Analyzer MySQL Installation Default root Account
20403| [41861] Bacula make_catalog_backup Function MySQL Director Password Cleartext Disclosure
20404| [40232] PHP MySQL Banner Exchange inc/lib.inc Direct Request Database Disclosure
20405| [40188] Password Manager Pro (PMP) mysql Unspecified Remote Command Injection
20406| [39279] PHP mysql_error() Function XSS
20407| [39145] aurora framework db_mysql.lib pack_var() value Parameter SQL Injection
20408| [38567] NetClassifieds Mysql_db.php Halt_On_Error Setting Error Message Path Disclosure
20409| [38112] Excel Parser Pro sample/xls2mysql parser_path Parameter Remote File Inclusion
20410| [37880] Asterisk-Addons source/destination Numbers cdr_addon_mysql Module SQL Injection
20411| [37784] PHP MySQL Extension Multiple Function Security Restriction Bypass
20412| [37783] MySQL Community Server CREATE TABLE LIKE Table Structure Disclosure
20413| [37782] MySQL Community Server External Table View Privilege Escalation
20414| [37781] MySQL ALTER TABLE Information Disclosure
20415| [37539] GPL PHP Board db.mysql.inc.php root_path Parameter Remote File Inclusion
20416| [37195] Eve-Nuke Module for PHP-Nuke db/mysql.php phpbb_root_path
20417| [37015] paBugs class.mysql.php path_to_bt_dir Parameter Remote File Inclusion
20418| [36868] PHP MySQLi Extension LOCAL INFILE Operation Security Restriction Bypass
20419| [36867] PHP MySQL Extension LOCAL INFILE Operation Security Restriction Bypass
20420| [36771] InterWorx-CP SiteWorx mysql.php PATH_INFO Parameter XSS
20421| [36757] InterWorx-CP NodeWorx mysql.php PATH_INFO Parameter XSS
20422| [36732] MySQL Community Server Connection Protocol Malformed Password Packet Remote DoS
20423| [36251] Associated Press (AP) Newspower Default MySQL root Password
20424| [35168] Study Planner (Studiewijzer) db/mysql/db.inc.php SPL_CFG[dirroot] Parameter Remote File Inclusion
20425| [35037] Fantastico for cPanel includes/mysqlconfig.php fantasticopath Parameter Traversal Local File Inclusion
20426| [34780] Backup Manager Command Line Cleartext MySQL Password Disclosure
20427| [34766] MySQL RENAME TABLE Statement Arbitrary Table Name Modification
20428| [34765] MySQL mysql_change_db Function THD::db_access Privilege Escalation
20429| [34734] MySQL Crafted IF Clause Divide-by-zero NULL Dereference DoS
20430| [34038] MySQL Commander ressourcen/dbopen.php home Parameter Remote File Inclusion
20431| [33974] MySQL information_schema Table Subselect Single-Row DoS
20432| [33678] MySQLNewsEngine affichearticles.php3 newsenginedir Parameter Remote File Inclusion
20433| [33447] WGS-PPC (PPC Search Engine) config/mysql_config.php INC Parameter Remote File Inclusion
20434| [33372] deV!L'z Clanportal inc/filebrowser/browser.php MySQL Data Disclosure
20435| [33147] ActiveCalendar data/mysqlevents.php css Parameter XSS
20436| [32784] Storystream mysqli.php baseDir Parameter Remote File Inclusion
20437| [32783] Storystream mysql.php baseDir Parameter Remote File Inclusion
20438| [32421] Contenido CMS conlib/db_mysqli.inc Direct Request Path Disclosure
20439| [32272] JevonCMS /phplib/db_mysql.inc Direct Request Path Disclosure
20440| [32171] Blue Magic Board db_mysql_error.php Direct Request Path Disclosure
20441| [32056] BTSaveMySql Direct Request Config File Disclosure
20442| [32044] cPanel WebHost Manager (WHM) scripts/passwdmysql password Parameter XSS
20443| [32024] TikiWiki tiki-wiki_rss.php ver MySQL Credential Disclosure
20444| [31963] Agora MysqlfinderAdmin.php _SESSION[PATH_COMPOSANT] Parameter Remote File Inclusion
20445| [31431] ZoomStats libs/dbmax/mysql.php GLOBALS[lib][db][path] Parameter Remote File Inclusion
20446| [30172] TikiWiki Multiple Script Empty sort_mode Parameter MySQL Authentication Credential Disclosure
20447| [29696] MySQLDumper sql.php db Parameter XSS
20448| [29453] ConPresso CMS db_mysql.inc.php msg Parameter XSS
20449| [29122] cPanel mysqladmin/hooksadmin Unspecified Privilege Escalation
20450| [28296] MySQL Crafted multiupdate / subselects Query Local DoS
20451| [28288] MySQL Instance_options::complete_initialization Function Overflow
20452| [28030] Tutti Nova class.novaRead.mysql.php TNLIB_DIR Parameter Remote File Inclusion
20453| [28029] Tutti Nova class.novaAdmin.mysql.php TNLIB_DIR Parameter Remote File Inclusion
20454| [28028] Tutti Nova class.novaEdit.mysql.php TNLIB_DIR Parameter Remote File Inclusion
20455| [28013] MySQL SUID Routine Miscalculation Arbitrary DML Statement Execution
20456| [28012] MySQL Case Sensitivity Unauthorized Database Creation
20457| [27919] MySQL VIEW Access information_schema.views Information Disclosure
20458| [27703] MySQL MERGE Table Privilege Persistence
20459| [27593] Drupal database.mysqli.inc Multiple Parameter SQL Injection
20460| [27549] Opsware NAS /etc/init.d/mysqll MySQL root Cleartext Password Local Disclosure
20461| [27416] MySQL Server time.cc date_format Function Format String
20462| [27054] MySQL mysqld str_to_date Function NULL Argument DoS
20463| [26923] PHP/MySQL Classifieds (PHP Classifieds) search.php rate Parameter SQL Injection
20464| [26922] PHP/MySQL Classifieds (PHP Classifieds) AddAsset1.php Multiple Field XSS
20465| [26822] Bee-hive Lite include/listall.inc.php mysqlcall Parameter Remote File Inclusion
20466| [26821] Bee-hive Lite conad/include/mysqlCall.inc.php config Parameter Remote File Inclusion
20467| [26820] Bee-hive Lite conad/logout.inc.php mysqlCall Parameter Remote File Inclusion
20468| [26819] Bee-hive Lite conad/login.inc.php mysqlCall Parameter Remote File Inclusion
20469| [26818] Bee-hive Lite conad/checkPasswd.inc.php mysqlCall Parameter Remote File Inclusion
20470| [26817] Bee-hive Lite conad/changeUserDetails.inc.php mysqlCall Parameter Remote File Inclusion
20471| [26816] Bee-hive Lite conad/changeEmail.inc.php mysqlCall Parameter Remote File Inclusion
20472| [26125] Open Searchable Image Catalogue core.php do_mysql_query Function Error Message XSS
20473| [26123] Open Searchable Image Catalogue core.php do_mysql_query Function SQL Injection
20474| [25987] MySQL Multibyte Encoding SQL Injection Filter Bypass
20475| [25908] Drupal database.mysql.inc Multiple Parameter SQL Injection
20476| [25595] Apple Mac OS X MySQL Manager Blank root Password
20477| [25228] MySQL Crafted COM_TABLE_DUMP Request Arbitrary Memory Disclosure
20478| [25227] MySQL COM_TABLE_DUMP Packet Overflow
20479| [25226] MySQL Malformed Login Packet Remote Memory Disclosure
20480| [24245] Cholod Mysql Based Message Board Unspecified XSS
20481| [24244] Cholod Mysql Based Message Board mb.cgi showmessage Action SQL Injection
20482| [23963] WoltLab Burning Board class_db_mysql.php SQL Error Message XSS
20483| [23915] Netcool/NeuSecure MySQL Database Connection Restriction Bypass
20484| [23611] Aztek Forum index.php msg Variable Forced MySQL Error Information Disclosure
20485| [23526] MySQL Query NULL Charcter Logging Bypass
20486| [23157] PHP/MYSQL Timesheet changehrs.php Multiple Parameter SQL Injection
20487| [23156] PHP/MYSQL Timesheet index.php Multiple Parameter SQL Injection
20488| [22995] PAM-MySQL Authentication pam_get_item() Function Unspecified Privilege Escalation
20489| [22994] PAM-MySQL SQL Logging Facility Segfault DoS
20490| [22485] Recruitment Software admin/site.xml MySQL Authentication Credential Disclosure
20491| [22479] PHP mysqli Extension Error Message Format String
20492| [22232] PHP Pipe Variable mysql_connect() Function Overflow
20493| [21685] MySQL Auction Search Module keyword XSS
20494| [20698] Campsite notifyendsubs Cron MySQL Password Cleartext Remote Disclosure
20495| [20145] Proofpoint Protection Server Embedded MySQL Server Unpassworded root Account
20496| [19457] aMember Pro mysql.inc.php Remote File Inclusion
20497| [19377] MAXdev MD-Pro /MySQL_Tools/admin.php Path Disclosure
20498| [18899] MySQL UDF Library Arbitrary Function Load Privilege Escalation
20499| [18898] MySQL UDF LoadLibraryEx Function Nonexistent Library Load DoS
20500| [18897] MySQL on Windows UDF Create Function Traversal Privilege Escalation
20501| [18896] MySQL User-Defined Function init_syms() Function Overflow
20502| [18895] MySQL libmysqlclient.so host Parameter Remote Overflow
20503| [18894] MySQL drop database Request Remote Overflow
20504| [18622] FunkBoard mysql_install.php Email Field Arbitrary PHP Code Injection
20505| [18620] FunkBoard mysql_install.php Admin/Database Password Manipulation
20506| [18406] MySQL Eventum releases.php SQL Injection
20507| [18405] MySQL Eventum custom_fields_graph.php SQL Injection
20508| [18404] MySQL Eventum custom_fields.php SQL Injection
20509| [18403] MySQL Eventum login.php email Parameter SQL Injection Authentication Bypass
20510| [18402] MySQL Eventum get_jsrs_data.php F Parameter XSS
20511| [18401] MySQL Eventum list.php release Parameter XSS
20512| [18400] MySQL Eventum view.php id Parameter XSS
20513| [18173] MySQL on Windows USE Command MS-DOS Device Name DoS
20514| [17801] Bugzilla MySQL Replication Race Condition Information Disclosure
20515| [17223] xMySQLadmin Symlink Arbitrary File Deletion
20516| [16727] MySQL Nonexistent '--user' Error Incorrect Privilege Database Invocation
20517| [16689] MySQL mysql_install_db Symlink Arbitrary File Overwrite
20518| [16056] Plans Unspecified mySQL Remote Password Disclosure
20519| [15993] MySQL MaxDB Webtool Remote getIfHeader() WebDAV Function Remote Overflow
20520| [15817] MySQL MaxDB Web Tool getLockTokenHeader() Function Remote Overflow
20521| [15816] MySQL MaxDB Web Administration Service Malformed GET Request Overflow
20522| [15451] paNews auth.php mysql_prefix Parameter SQL Injection
20523| [14748] MySQL MS-DOS Device Names Request DoS
20524| [14678] MySQL CREATE FUNCTION Arbitrary libc Code Execution
20525| [14677] MySQL CREATE FUNCTION mysql.func Table Arbitrary Library Injection
20526| [14676] MySQL CREATE TEMPORARY TABLE Symlink Privilege Escalation
20527| [14386] phpMyAdmin mysqli.dbi.lib.php Path Disclosure
20528| [14052] Symantec Brightmail AntiSpam Multiple Default MySQL Accounts
20529| [13086] MySQL MaxDB Web Agent Malformed HTTP Header DoS
20530| [13085] MySQL MaxDB Web Agent WebDAV sapdbwa_GetUserData() Function Remote DoS
20531| [13013] MySQL mysqlaccess.sh Symlink Arbitrary File Manipulation
20532| [12919] MySQL MaxDB WebAgent websql Remote Overflow
20533| [12779] MySQL User Defined Function Privilege Escalation
20534| [12609] MySQL Eventum projects.php Multiple Parameter XSS
20535| [12608] MySQL Eventum preferences.php Multiple Parameter XSS
20536| [12607] MySQL Eventum forgot_password.php email Parameter XSS
20537| [12606] MySQL Eventum index.php email Parameter XSS
20538| [12605] MySQL Eventum Default Vendor Account
20539| [12275] MySQL MaxDB Web Tools wahttp Nonexistent File Request DoS
20540| [12274] MySQL MaxDB Web Tools WebDAV Handler Remote Overflow
20541| [11689] Roxen Web Server MySQL Socket Permission Weakness
20542| [10985] MySQL MATCH..AGAINST Query DoS
20543| [10959] MySQL GRANT ALL ON Privilege Escalation
20544| [10660] MySQL ALTER TABLE/RENAME Forces Old Permission Checks
20545| [10659] MySQL ALTER MERGE Tables to Change the UNION DoS
20546| [10658] MySQL mysql_real_connect() Function Remote Overflow
20547| [10532] MySQL MaxDB webdbm Server Field DoS
20548| [10491] AWS MySQLguest AWSguest.php Script Insertion
20549| [10244] MySQL libmysqlclient Prepared Statements API Overflow
20550| [10226] MySQLGuest AWSguest.php Multiple Field XSS
20551| [9912] PHP safe_mode MySQL Database Access Restriction Bypass
20552| [9911] Inter7 vpopmail MySQL Module Authentication Credential Disclosure
20553| [9910] MySQL mysql_change_user() Double-free Memory Pointer DoS
20554| [9909] MySQL datadir/my.cnf Modification Privilege Escalation
20555| [9908] MySQL my.ini Initialization File datadir Parameter Overflow
20556| [9907] MySQL SELECT Statement String Handling Overflow
20557| [9906] MySQL GRANT Privilege Arbitrary Password Modification
20558| [9509] teapop MySQL Authentication Module SQL Injection
20559| [9018] MySQL Backup Pro getbackup() Method Unspecified Issue
20560| [9015] MySQL mysqlhotcopy Insecure Temporary File Creation
20561| [8997] Cacti config.php MySQL Authentication Credential Cleartext Disclosure
20562| [8979] MySQL SHOW GRANTS Encrypted Password Disclosure
20563| [8889] MySQL COM_TABLE_DUMP Package Negative Integer DoS
20564| [8888] MySQL COM_CHANGE_USER Command Long Repsonse Overflow
20565| [8887] MySQL COM_CHANGE_USER Command One Character Password Brute Force
20566| [8886] MySQL libmysqlclient Library read_one_row Overflow
20567| [8885] MySQL libmysqlclient Library read_rows Overflow
20568| [7476] MySQL Protocol 4.1 Authentication Scramble String Overflow
20569| [7475] MySQL Zero-length Scrambled String Crafted Packet Authentication Bypass
20570| [7245] MySQL Pluggable Authentication Module (pam_mysql) Password Disclosure
20571| [7128] MySQL show database Database Name Exposure
20572| [6716] MySQL Database Engine Weak Authentication Information Disclosure
20573| [6605] MySQL mysqld Readable Log File Information Disclosure
20574| [6443] PowerPhlogger db_dump.php View Arbitrary mySQL Dump
20575| [6421] MySQL mysqld_multi Symlink Arbitrary File Overwrite
20576| [6420] MySQL mysqlbug Symlink Arbitrary File Overwrite
20577| [2537] MySQL sql_acl.cc get_salt_from_password Function Password Handling Remote Overflow
20578| [2144] WinMySQLadmin my.ini Cleartext Password Disclosure
20579| [653] PCCS-Linux MySQL Database Admin Tool Authentication Credential Disclosure
20580| [520] MySQL Database Name Traversal Arbitrary File Modification
20581| [380] MySQL Server on Windows Default Null Root Password
20582| [261] MySQL Short Check String Authentication Bypass
20583|_
50000/tcp closed ibm-db2
50001/tcp closed unknown
50002/tcp closed iiimsf
50003/tcp closed unknown
50006/tcp closed unknown
50300/tcp closed unknown
50389/tcp closed unknown
50500/tcp closed unknown
50636/tcp closed unknown
50800/tcp closed unknown
Service Info: Host: a2plcpnl0708.prod.iad2.secureserver.net

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 219.48 seconds
20598######################################################################################################################################
20599[+] URL: http://www.paltahass.cl/ [107.180.28.114]
20600[+] Started: Thu Mar 12 08:08:29 2020
20601
20602Interesting Finding(s):
20603
20604[+] Headers
20605 | Interesting Entries:
20606 | - Server: Apache
20607 | - Upgrade: h2,h2c
20608 | Found By: Headers (Passive Detection)
20609 | Confidence: 100%
20610
20611[+] http://www.paltahass.cl/robots.txt
20612 | Interesting Entries:
20613 | - /wp-admin/
20614 | - /wp-admin/admin-ajax.php
20615 | Found By: Robots Txt (Aggressive Detection)
20616 | Confidence: 100%
20617
20618[+] XML-RPC seems to be enabled: http://www.paltahass.cl/xmlrpc.php
20619 | Found By: Link Tag (Passive Detection)
20620 | Confidence: 100%
20621 | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
20622 | References:
20623 | - http://codex.wordpress.org/XML-RPC_Pingback_API
20624 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
20625 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
20626 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
20627 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
20628
20629[+] http://www.paltahass.cl/readme.html
20630 | Found By: Direct Access (Aggressive Detection)
20631 | Confidence: 100%
20632
20633[+] http://www.paltahass.cl/wp-cron.php
20634 | Found By: Direct Access (Aggressive Detection)
20635 | Confidence: 60%
20636 | References:
20637 | - https://www.iplocation.net/defend-wordpress-from-ddos
20638 | - https://github.com/wpscanteam/wpscan/issues/1299
20639
20640[+] WordPress version 5.1.4 identified (Latest, released on 2019-12-12).
20641 | Found By: Rss Generator (Passive Detection)
20642 | - http://www.paltahass.cl/feed/, <generator>https://wordpress.org/?v=5.1.4</generator>
20643 | - http://www.paltahass.cl/comments/feed/, <generator>https://wordpress.org/?v=5.1.4</generator>
20644
20645[+] WordPress theme in use: Divi
20646 | Location: http://www.paltahass.cl/wp-content/themes/Divi/
20647 | Readme: http://www.paltahass.cl/wp-content/themes/Divi/README.md
20648 | Style URL: http://www.paltahass.cl/wp-content/themes/Divi/style.css
20649 | Style Name: Divi
20650 | Style URI: http://www.elegantthemes.com/gallery/divi/
20651 | Description: Smart. Flexible. Beautiful. Divi is the most powerful theme in our collection....
20652 | Author: Elegant Themes
20653 | Author URI: http://www.elegantthemes.com
20654 |
20655 | Found By: Urls In Homepage (Passive Detection)
20656 | Confirmed By: Urls In 404 Page (Passive Detection)
20657 |
20658 | Version: 3.11 (80% confidence)
20659 | Found By: Style (Passive Detection)
20660 | - http://www.paltahass.cl/wp-content/themes/Divi/style.css, Match: 'Version: 3.11'
20661
20662[+] Enumerating All Plugins (via Passive Methods)
20663[+] Checking Plugin Versions (via Passive and Aggressive Methods)
20664
20665[i] Plugin(s) Identified:
20666
20667[+] hover-effects-for-visual-composer
20668 | Location: http://www.paltahass.cl/wp-content/plugins/hover-effects-for-visual-composer/
20669 | Last Updated: 2019-11-26T10:08:00.000Z
20670 | [!] The version is out of date, the latest version is 1.6.6
20671 |
20672 | Found By: Urls In 404 Page (Passive Detection)
20673 |
20674 | Version: 1.6.2 (100% confidence)
20675 | Found By: Readme - Stable Tag (Aggressive Detection)
20676 | - http://www.paltahass.cl/wp-content/plugins/hover-effects-for-visual-composer/readme.txt
20677 | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
20678 | - http://www.paltahass.cl/wp-content/plugins/hover-effects-for-visual-composer/readme.txt
20679
20680[+] js_composer
20681 | Location: http://www.paltahass.cl/wp-content/plugins/js_composer/
20682 |
20683 | Found By: Urls In Homepage (Passive Detection)
20684 | Confirmed By:
20685 | Urls In 404 Page (Passive Detection)
20686 | Meta Generator (Passive Detection)
20687 | Body Tag (Passive Detection)
20688 |
20689 | Version: 5.1.1 (80% confidence)
20690 | Found By: Body Tag (Passive Detection)
20691 | - http://www.paltahass.cl/, Match: 'js-comp-ver-5.1.1'
20692 | Confirmed By: Query Parameter (Passive Detection)
20693 | - http://www.paltahass.cl/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=5.1.1
20694 | - http://www.paltahass.cl/wp-content/plugins/js_composer/assets/lib/bower/skrollr/dist/skrollr.min.js?ver=5.1.1
20695
20696[+] mega-addons-for-visual-composer
20697 | Location: http://www.paltahass.cl/wp-content/plugins/mega-addons-for-visual-composer/
20698 | Last Updated: 2020-03-04T07:42:00.000Z
20699 | [!] The version is out of date, the latest version is 4.0
20700 |
20701 | Found By: Urls In Homepage (Passive Detection)
20702 | Confirmed By: Urls In 404 Page (Passive Detection)
20703 |
20704 | Version: 2.2 (100% confidence)
20705 | Found By: Readme - Stable Tag (Aggressive Detection)
20706 | - http://www.paltahass.cl/wp-content/plugins/mega-addons-for-visual-composer/readme.txt
20707 | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
20708 | - http://www.paltahass.cl/wp-content/plugins/mega-addons-for-visual-composer/readme.txt
20709
20710[+] sitepress-multilingual-cms
20711 | Location: http://www.paltahass.cl/wp-content/plugins/sitepress-multilingual-cms/
20712 | Latest Version: 2.0.4.1 (up to date)
20713 | Last Updated: 2011-06-05T13:40:00.000Z
20714 |
20715 | Found By: Urls In Homepage (Passive Detection)
20716 | Confirmed By:
20717 | Urls In 404 Page (Passive Detection)
20718 | Meta Generator (Passive Detection)
20719 |
20720 | Version: 3.9.3 (100% confidence)
20721 | Found By: Meta Generator (Passive Detection)
20722 | - http://www.paltahass.cl/, Match: 'WPML ver:3.9.3 stt'
20723 | Confirmed By: Dependencies File (Aggressive Detection)
20724 | - http://www.paltahass.cl/wp-content/plugins/sitepress-multilingual-cms/wpml-dependencies.json, Match: '3.9.3'
20725
20726[+] smart-slider-3
20727 | Location: http://www.paltahass.cl/wp-content/plugins/smart-slider-3/
20728 | Last Updated: 2020-02-12T11:46:00.000Z
20729 | [!] The version is out of date, the latest version is 3.3.27
20730 |
20731 | Found By: Urls In Homepage (Passive Detection)
20732 |
20733 | Version: 3.3.20 (100% confidence)
20734 | Found By: Readme - Stable Tag (Aggressive Detection)
20735 | - http://www.paltahass.cl/wp-content/plugins/smart-slider-3/readme.txt
20736 | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
20737 | - http://www.paltahass.cl/wp-content/plugins/smart-slider-3/readme.txt
20738
20739[+] widget-indicadores-economicos-chile
20740 | Location: http://www.paltahass.cl/wp-content/plugins/widget-indicadores-economicos-chile/
20741 | Latest Version: 2.5 (up to date)
20742 | Last Updated: 2016-05-31T23:45:00.000Z
20743 |
20744 | Found By: Urls In 404 Page (Passive Detection)
20745 |
20746 | Version: 2.5 (100% confidence)
20747 | Found By: Readme - Stable Tag (Aggressive Detection)
20748 | - http://www.paltahass.cl/wp-content/plugins/widget-indicadores-economicos-chile/readme.txt
20749 | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
20750 | - http://www.paltahass.cl/wp-content/plugins/widget-indicadores-economicos-chile/readme.txt
20751
20752[+] wordfence
20753 | Location: http://www.paltahass.cl/wp-content/plugins/wordfence/
20754 | Latest Version: 7.4.6 (up to date)
20755 | Last Updated: 2020-02-12T16:18:00.000Z
20756 |
20757 | Found By: Javascript Var (Passive Detection)
20758 |
20759 | Version: 7.4.6 (80% confidence)
20760 | Found By: Readme - Stable Tag (Aggressive Detection)
20761 | - http://www.paltahass.cl/wp-content/plugins/wordfence/readme.txt
20762
20763[+] wp-forecast
20764 | Location: http://www.paltahass.cl/wp-content/plugins/wp-forecast/
20765 | Last Updated: 2019-11-25T07:20:00.000Z
20766 | [!] The version is out of date, the latest version is 6.6
20767 |
20768 | Found By: Urls In Homepage (Passive Detection)
20769 | Confirmed By: Urls In 404 Page (Passive Detection)
20770 |
20771 | Version: 6.1 (100% confidence)
20772 | Found By: Readme - Stable Tag (Aggressive Detection)
20773 | - http://www.paltahass.cl/wp-content/plugins/wp-forecast/readme.txt
20774 | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
20775 | - http://www.paltahass.cl/wp-content/plugins/wp-forecast/readme.txt
20776
20777[+] wp-show-posts
20778 | Location: http://www.paltahass.cl/wp-content/plugins/wp-show-posts/
20779 | Latest Version: 1.1.3 (up to date)
20780 | Last Updated: 2019-03-14T17:45:00.000Z
20781 |
20782 | Found By: Urls In 404 Page (Passive Detection)
20783 |
20784 | Version: 1.1.3 (100% confidence)
20785 | Found By: Query Parameter (Passive Detection)
20786 | - http://www.paltahass.cl/wp-content/plugins/wp-show-posts/css/wp-show-posts-min.css?ver=1.1.3
20787 | Confirmed By:
20788 | Readme - Stable Tag (Aggressive Detection)
20789 | - http://www.paltahass.cl/wp-content/plugins/wp-show-posts/readme.txt
20790 | Readme - ChangeLog Section (Aggressive Detection)
20791 | - http://www.paltahass.cl/wp-content/plugins/wp-show-posts/readme.txt
20792
20793[+] Enumerating Config Backups (via Passive and Aggressive Methods)
20794 Checking Config Backups - Time: 00:01:25 <=============> (21 / 21) 100.00% Time: 00:01:25
20795
20796[i] No Config Backups Found.
20797
20798[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
20799[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up
20800
20801[+] Finished: Thu Mar 12 08:11:23 2020
20802[+] Requests Done: 68
20803[+] Cached Requests: 16
20804[+] Data Sent: 16.492 KB
20805[+] Data Received: 791.086 KB
20806[+] Memory used: 171.84 MB
20807[+] Elapsed time: 00:02:54
20808######################################################################################################################################
20809[+] URL: http://www.paltahass.cl/ [107.180.28.114]
20810[+] Started: Thu Mar 12 08:08:22 2020
20811
20812Interesting Finding(s):
20813
20814[+] Headers
20815 | Interesting Entries:
20816 | - Server: Apache
20817 | - Upgrade: h2,h2c
20818 | Found By: Headers (Passive Detection)
20819 | Confidence: 100%
20820
20821[+] http://www.paltahass.cl/robots.txt
20822 | Interesting Entries:
20823 | - /wp-admin/
20824 | - /wp-admin/admin-ajax.php
20825 | Found By: Robots Txt (Aggressive Detection)
20826 | Confidence: 100%
20827
20828[+] XML-RPC seems to be enabled: http://www.paltahass.cl/xmlrpc.php
20829 | Found By: Link Tag (Passive Detection)
20830 | Confidence: 100%
20831 | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
20832 | References:
20833 | - http://codex.wordpress.org/XML-RPC_Pingback_API
20834 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
20835 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
20836 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
20837 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
20838
20839[+] http://www.paltahass.cl/readme.html
20840 | Found By: Direct Access (Aggressive Detection)
20841 | Confidence: 100%
20842
20843[+] http://www.paltahass.cl/wp-cron.php
20844 | Found By: Direct Access (Aggressive Detection)
20845 | Confidence: 60%
20846 | References:
20847 | - https://www.iplocation.net/defend-wordpress-from-ddos
20848 | - https://github.com/wpscanteam/wpscan/issues/1299
20849
20850[+] WordPress version 5.1.4 identified (Latest, released on 2019-12-12).
20851 | Found By: Rss Generator (Passive Detection)
20852 | - http://www.paltahass.cl/feed/, <generator>https://wordpress.org/?v=5.1.4</generator>
20853 | - http://www.paltahass.cl/comments/feed/, <generator>https://wordpress.org/?v=5.1.4</generator>
20854
20855[+] WordPress theme in use: Divi
20856 | Location: http://www.paltahass.cl/wp-content/themes/Divi/
20857 | Readme: http://www.paltahass.cl/wp-content/themes/Divi/README.md
20858 | Style URL: http://www.paltahass.cl/wp-content/themes/Divi/style.css
20859 | Style Name: Divi
20860 | Style URI: http://www.elegantthemes.com/gallery/divi/
20861 | Description: Smart. Flexible. Beautiful. Divi is the most powerful theme in our collection....
20862 | Author: Elegant Themes
20863 | Author URI: http://www.elegantthemes.com
20864 |
20865 | Found By: Urls In Homepage (Passive Detection)
20866 | Confirmed By: Urls In 404 Page (Passive Detection)
20867 |
20868 | Version: 3.11 (80% confidence)
20869 | Found By: Style (Passive Detection)
20870 | - http://www.paltahass.cl/wp-content/themes/Divi/style.css, Match: 'Version: 3.11'
20871
20872[+] Enumerating Users (via Passive and Aggressive Methods)
20873 Brute Forcing Author IDs - Time: 00:00:10 <==> (10 / 10) 100.00% Time: 00:00:10
20874
20875[i] User(s) Identified:
20876
20877[+] palta-hass
20878 | Found By: Rss Generator (Passive Detection)
20879 | Confirmed By: Rss Generator (Aggressive Detection)
20880
20881[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
20882[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up
20883
20884[+] Finished: Thu Mar 12 08:09:50 2020
20885[+] Requests Done: 47
20886[+] Cached Requests: 8
20887[+] Data Sent: 10.574 KB
20888[+] Data Received: 902.336 KB
20889[+] Memory used: 115.469 MB
20890[+] Elapsed time: 00:01:28
20891######################################################################################################################################
20892[+] URL: http://www.paltahass.cl/ [107.180.28.114]
20893[+] Started: Thu Mar 12 08:29:51 2020
20894
20895Interesting Finding(s):
20896
20897[+] Headers
20898 | Interesting Entries:
20899 | - Server: Apache
20900 | - Upgrade: h2,h2c
20901 | Found By: Headers (Passive Detection)
20902 | Confidence: 100%
20903
20904[+] http://www.paltahass.cl/robots.txt
20905 | Interesting Entries:
20906 | - /wp-admin/
20907 | - /wp-admin/admin-ajax.php
20908 | Found By: Robots Txt (Aggressive Detection)
20909 | Confidence: 100%
20910
20911[+] XML-RPC seems to be enabled: http://www.paltahass.cl/xmlrpc.php
20912 | Found By: Link Tag (Passive Detection)
20913 | Confidence: 100%
20914 | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
20915 | References:
20916 | - http://codex.wordpress.org/XML-RPC_Pingback_API
20917 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
20918 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
20919 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
20920 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
20921
20922[+] http://www.paltahass.cl/readme.html
20923 | Found By: Direct Access (Aggressive Detection)
20924 | Confidence: 100%
20925
20926[+] http://www.paltahass.cl/wp-cron.php
20927 | Found By: Direct Access (Aggressive Detection)
20928 | Confidence: 60%
20929 | References:
20930 | - https://www.iplocation.net/defend-wordpress-from-ddos
20931 | - https://github.com/wpscanteam/wpscan/issues/1299
20932
20933[+] WordPress version 5.1.4 identified (Latest, released on 2019-12-12).
20934 | Found By: Rss Generator (Passive Detection)
20935 | - http://www.paltahass.cl/feed/, <generator>https://wordpress.org/?v=5.1.4</generator>
20936 | - http://www.paltahass.cl/comments/feed/, <generator>https://wordpress.org/?v=5.1.4</generator>
20937
20938[+] WordPress theme in use: Divi
20939 | Location: http://www.paltahass.cl/wp-content/themes/Divi/
20940 | Readme: http://www.paltahass.cl/wp-content/themes/Divi/README.md
20941 | Style URL: http://www.paltahass.cl/wp-content/themes/Divi/style.css
20942 | Style Name: Divi
20943 | Style URI: http://www.elegantthemes.com/gallery/divi/
20944 | Description: Smart. Flexible. Beautiful. Divi is the most powerful theme in our collection....
20945 | Author: Elegant Themes
20946 | Author URI: http://www.elegantthemes.com
20947 |
20948 | Found By: Urls In Homepage (Passive Detection)
20949 | Confirmed By: Urls In 404 Page (Passive Detection)
20950 |
20951 | Version: 3.11 (80% confidence)
20952 | Found By: Style (Passive Detection)
20953 | - http://www.paltahass.cl/wp-content/themes/Divi/style.css, Match: 'Version: 3.11'
20954
20955[+] Enumerating Users (via Passive and Aggressive Methods)
20956 Brute Forcing Author IDs - Time: 00:00:14 <============> (10 / 10) 100.00% Time: 00:00:14
20957
20958[i] User(s) Identified:
20959
20960[+] palta-hass
20961 | Found By: Rss Generator (Passive Detection)
20962 | Confirmed By: Rss Generator (Aggressive Detection)
20963
20964[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
20965[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up
20966
20967[+] Finished: Thu Mar 12 08:31:18 2020
20968[+] Requests Done: 47
20969[+] Cached Requests: 8
20970[+] Data Sent: 11.4 KB
20971[+] Data Received: 902.298 KB
20972[+] Memory used: 115.703 MB
20973[+] Elapsed time: 00:01:27
20974######################################################################################################################################
[INFO] ------TARGET info------
[*] TARGET: http://www.paltahass.cl/
[*] TARGET IP: 107.180.28.114
[INFO] NO load balancer detected for www.paltahass.cl...
[*] DNS servers: paltahass.cl.
[*] TARGET server: Apache
[*] CC: US
[*] Country: United States
[*] RegionCode: AZ
[*] RegionName: Arizona
[*] City: Scottsdale
[*] ASN: AS26496
[*] BGP_PREFIX: 107.180.0.0/17
[*] ISP: AS-26496-GO-DADDY-COM-LLC, US
[INFO] DNS enumeration:
[*] admin.paltahass.cl 107.180.28.114
[*] mail.paltahass.cl 107.180.28.114
[INFO] Possible abuse mails are:
[*] abuse@paltahass.cl
[*] abuse@www.paltahass.cl
[*] fbl-spamcop@ext.godaddy.com
[INFO] NO PAC (Proxy Auto Configuration) file FOUND
[ALERT] robots.txt file FOUND in http://www.paltahass.cl/robots.txt
[INFO] Checking for HTTP status codes recursively from http://www.paltahass.cl/robots.txt
[INFO] Status code Folders
[*] 200 http://www.paltahass.cl/wp-admin/
[INFO] Starting FUZZing in http://www.paltahass.cl/FUzZzZzZzZz...
[INFO] Status code Folders
[*] 200 http://www.paltahass.cl/news
[*] 200 http://www.paltahass.cl/12
[ALERT] Look in the source code. It may contain passwords
[INFO] Links found from http://www.paltahass.cl/ http://107.180.28.114/:
[*] http://107.180.28.114/cpanel
[*] http://paltahass.cl/
[*] http://prueba.paltahass.cl/campanas
[*] https://www.googletagmanager.com/ns.html?id=GTM-WMHJS4P
[*] https://www.youtube.com/channel/UC1WiMPOyeXFzaScy9D473pw/featured
[*] http://www.paltahass.cl/
[*] http://www.paltahass.cl/campanas
[*] http://www.paltahass.cl/comments/feed/
[*] http://www.paltahass.cl/contacto/
[*] http://www.paltahass.cl/en/
[*] http://www.paltahass.cl/estadisticas/
[*] http://www.paltahass.cl/feed/
[*] http://www.paltahass.cl/medio-ambiente
[*] http://www.paltahass.cl/medio-ambiente/
[*] http://www.paltahass.cl/noticias
[*] http://www.paltahass.cl/noticias/
[*] http://www.paltahass.cl/prensa/
[*] http://www.paltahass.cl/quienes-somos
[*] http://www.paltahass.cl/quienes-somos/
[*] http://www.paltahass.cl/recetas
[*] http://www.paltahass.cl/recetas/
[*] http://www.paltahass.cl/salud
[*] http://www.paltahass.cl/salud/
[*] http://www.paltahass.cl/socios-comite/
[*] http://www.paltahass.cl/wp-json/oembed/1.0/embed?url=http://www.paltahass.cl/
[*] http://www.paltahass.cl/wp-json/oembed/1.0/embed?url=http://www.paltahass.cl/&format=xml
[*] http://www.paltahass.cl/zh-hans/
cut: intervalle de champ incorrecte
Saisissez « cut --help » pour plus d'informations.
[INFO] BING shows 107.180.28.114 is shared with 58,200 hosts/vhosts
[INFO] Shodan detected the following opened ports on 107.180.28.114:
[*] 0
[*] 1
[*] 2
[*] 2077
[*] 2086
[*] 21
[*] 4
[*] 443
[*] 80
[INFO] ------VirusTotal SECTION------
[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
[INFO] ------Alexa Rank SECTION------
[INFO] Percent of Visitors Rank in Country:
[INFO] Percent of Search Traffic:
[INFO] Percent of Unique Visits:
[INFO] Total Sites Linking In:
[*] Total Sites
[INFO] Useful links related to www.paltahass.cl - 107.180.28.114:
[*] https://www.virustotal.com/pt/ip-address/107.180.28.114/information/
[*] https://www.hybrid-analysis.com/search?host=107.180.28.114
[*] https://www.shodan.io/host/107.180.28.114
[*] https://www.senderbase.org/lookup/?search_string=107.180.28.114
[*] https://www.alienvault.com/open-threat-exchange/ip/107.180.28.114
[*] http://pastebin.com/search?q=107.180.28.114
[*] http://urlquery.net/search.php?q=107.180.28.114
[*] http://www.alexa.com/siteinfo/www.paltahass.cl
[*] http://www.google.com/safebrowsing/diagnostic?site=www.paltahass.cl
[*] https://censys.io/ipv4/107.180.28.114
[*] https://www.abuseipdb.com/check/107.180.28.114
[*] https://urlscan.io/search/#107.180.28.114
[*] https://github.com/search?q=107.180.28.114&type=Code
[INFO] Useful links related to AS26496 - 107.180.0.0/17:
[*] http://www.google.com/safebrowsing/diagnostic?site=AS:26496
[*] https://www.senderbase.org/lookup/?search_string=107.180.0.0/17
[*] http://bgp.he.net/AS26496
[*] https://stat.ripe.net/AS26496
[INFO] Date: 12/03/20 | Time: 08:32:30
[INFO] Total time: 2 minute(s) and 37 second(s)
######################################################################################################################################
[-] Target: http://www.paltahass.cl (107.180.28.114)
[M] Website Not in HTTPS: http://www.paltahass.cl
[I] Server: Apache
[L] X-Frame-Options: Not Enforced
[I] Strict-Transport-Security: Not Enforced
[I] X-Content-Security-Policy: Not Enforced
[I] X-Content-Type-Options: Not Enforced
[L] Robots.txt Found: http://www.paltahass.cl/robots.txt
[I] CMS Detection: WordPress
[I] Wordpress Version: 5.1.4
[M] EDB-ID: 47720 "WordPress Core 5.3 - User Disclosure"
[M] EDB-ID: 47800 "WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service"
[M] EDB-ID: 47557 "WordPress Core 5.2.4 - Cross-Origin Resource Sharing"
[M] EDB-ID: 47361 "WordPress 5.2.3 - Cross-Site Host Modification"
[M] EDB-ID: 47690 "WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts"
[I] Wordpress Theme: Divi
[M] EDB-ID: 40042 "WordPress Plugin Ultimate Membership Pro 3.3 - SQL Injection"
[M] EDB-ID: 4397 "Claymore Dual GPU Miner 10.5 - Format String"
[-] WordPress usernames identified:
[M] palta-hass
[M] XML-RPC services are enabled
[M] Website vulnerable to XML-RPC Brute Force Vulnerability
[I] Autocomplete Off Not Found: http://www.paltahass.cl/wp-login.php
[-] Default WordPress Files:
[I] http://www.paltahass.cl/license.txt
[I] http://www.paltahass.cl/readme.html
[I] http://www.paltahass.cl/wp-content/themes/twentynineteen/readme.txt
[I] http://www.paltahass.cl/wp-includes/ID3/license.commercial.txt
[I] http://www.paltahass.cl/wp-includes/ID3/license.txt
[I] http://www.paltahass.cl/wp-includes/ID3/readme.txt
[I] http://www.paltahass.cl/wp-includes/images/crystal/license.txt
[I] http://www.paltahass.cl/wp-includes/js/plupload/license.txt
[I] http://www.paltahass.cl/wp-includes/js/swfupload/license.txt
[I] http://www.paltahass.cl/wp-includes/js/tinymce/license.txt
[-] Searching Wordpress Plugins ...
[I] feed
[M] EDB-ID: 38624 "WordPress Plugin WP Feed - 'nid' SQL Injection"
[I] hover-effects-for-visual-composer v1.6.2
[I] js_composer
[I] mega-addons-for-visual-composer v2.2
[I] sitepress-multilingual-cms
[I] smart-slider-3 v3.3.20
[I] widget-indicadores-economicos-chile v2.5
[I] wp-forecast v6.1
[I] wp-show-posts v1.1.3
[I] Checking for Directory Listing Enabled ...
[-] Date & Time: 12/03/2020 08:28:46
[-] Completed in: 0:20:19
######################################################################################################################################
Anonymous JTSEC #OpChili Full Recon #62